Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1498487
MD5: c7660197be2ae95b1d523e47a37ccb11
SHA1: bcf3f9e333e9353b6ac51c5db4bd592ae212fe8c
SHA256: bf9158cd0b4324b3f21c0a2a36a3fd859ee2365910e4a37b382185c5e15a3e21
Tags: exe
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C7660197BE2AE95B1D523E47A37CCB11)
    • msedge.exe (PID: 3692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6764 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2212,i,6395724042626035195,6606384849668653806,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 3568 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5444 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7124 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8124 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee138101-8735-4392-af58-cbb5f6ca004b} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d56fb10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9192 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -parentBuildID 20230927232528 -prefsHandle 4036 -prefMapHandle 1536 -prefsLen 26172 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0faffddc-4c99-437b-8802-7a5511723355} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d579b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 6252 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7400 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8324 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6964 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7144 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8588 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7572 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6620 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8416 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4072 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8000 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe ReversingLabs: Detection: 13%
Source: file.exe Virustotal: Detection: 18%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.7% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0064DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0061C2A2 FindFirstFileExW,0_2_0061C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006568EE FindFirstFileW,FindClose,0_2_006568EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0065698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0064D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0064D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00659642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00659642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0065979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00659B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00659B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00655C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00655C97
Source: firefox.exe Memory has grown: Private usage: 1MB later: 94MB
Source: global traffic TCP traffic: 192.168.2.5:49740 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 23.200.0.42 23.200.0.42
Source: Joe Sandbox View IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View IP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.32.110
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0065CE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1709684001&timestamp=1724529783476 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725134580&P2=404&P3=2&P4=IrCv9fvasMsdNqcZnk478SAfEzTLqUX1jN6Ci6Dgd%2bgIiEhmRBwKCrmYMTXft%2fdA2pGNj8yaVBflbomjc3i3WA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: sobazN6qEySbpAB+y/tcySSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4huncaPOPBBl4Fy&MD=aaKFEYWL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4huncaPOPBBl4Fy&MD=aaKFEYWL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log7.8.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log7.8.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log7.8.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2468170299.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210969392.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412344259.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [HTML markup dump omitted] equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2696080727.000001D41F28C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400484109.000001D41F42A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400484109.000001D41F426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2468245209.000001D41B787000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B787000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2366454872.000001D41B787000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: [HTML markup dump omitted; truncated in the report]
Source: firefox.exe, 00000005.00000003.2696080727.000001D41F28C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400484109.000001D41F42A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400484109.000001D41F426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2208003268.000001D41F2EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2819154471.000001D41F282000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2710509043.000001D41F2EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: 2e99e487-118f-4388-b29a-ea23c725a4d8.tmp.9.dr String found in binary or memory: [JSON http_server_properties dump omitted] equals www.youtube.com (Youtube)
Source: d1857e2d-6a87-4f31-b1be-3ba71e74ec96.tmp.9.dr String found in binary or memory: [JSON http_server_properties dump omitted] equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DF81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000005.00000003.2412302112.000001D41B7A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000005.00000003.2412145636.000001D41B7EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2411183662.000001D41DC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2400873818.000001D41DFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411023690.000001D41DFEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2366202890.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412145636.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167161491.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2408692777.000001D41EE6A000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000005.00000003.2412302112.000001D41B7A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2818074461.000001D4209BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2364079178.000001D4209BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2695440432.000001D4209BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000005.00000003.2711534810.000001D41E4C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000005.00000003.2111886846.000001D4203EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2150578139.000001D420B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411183662.000001D41DC4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000005.00000003.2412119544.000001D41B7EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2401016219.000001D41DC4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412067307.000001D41C34F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411183662.000001D41DC4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000005.00000003.2412119544.000001D41B7EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2401016219.000001D41DC4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2710509043.000001D41F2D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2819154471.000001D41F2D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411183662.000001D41DC4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log8.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log7.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: firefox.exe, 00000005.00000003.2366202890.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412145636.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210445353.000001D41B7E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2157939980.000001D41C87D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167161491.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2806749632.000001D41C876000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2695729511.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403846103.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2818307473.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000005.00000003.2111886846.000001D4203AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403437804.000001D4203AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2164735907.000001D4203AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000005.00000003.2468716969.000001D419D6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2412517438.000001D41A8B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: 2e99e487-118f-4388-b29a-ea23c725a4d8.tmp.9.dr, d1857e2d-6a87-4f31-b1be-3ba71e74ec96.tmp.9.drString found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 00000005.00000003.2211437367.000001D41B708000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2209971417.000001D41C3B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2211463866.000001D41A8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411799213.000001D41C3B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365908426.000001D41C3B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2698330638.000001D41A8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412517438.000001D41A8B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://gaana.com/
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.2209971417.000001D41C39F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412145636.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167161491.000001D41B7D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2468170299.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210969392.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412344259.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167240553.000001D41B799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2862405017.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2366388133.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://web.telegram.org/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2212077306.000001D419DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3242395390.00000251A99CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3242458403.000001C037CED000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000005.00000003.2059217319.000001D41DD6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2150856393.000001D41F117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058954952.000001D41DD36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2408526047.000001D41F11B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058772424.000001D41DD1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2209175937.000001D41F11B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059349507.000001D41DD83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059107062.000001D41DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400848825.000001D41F117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058563489.000001D41E200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000005.00000003.2212077306.000001D419DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3242395390.00000251A99CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3242458403.000001C037CED000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: content_new.js.8.dr, content.js.8.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000005.00000003.2059217319.000001D41DD6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058954952.000001D41DD36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058772424.000001D41DD1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059349507.000001D41DD83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059107062.000001D41DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058563489.000001D41E200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000005.00000003.2059217319.000001D41DD6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2150856393.000001D41F117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058954952.000001D41DD36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2408526047.000001D41F11B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058772424.000001D41DD1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2209175937.000001D41F11B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059349507.000001D41DD83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2059107062.000001D41DD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400848825.000001D41F117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2058563489.000001D41E200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: 2e99e487-118f-4388-b29a-ea23c725a4d8.tmp.9.dr, d1857e2d-6a87-4f31-b1be-3ba71e74ec96.tmp.9.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.iheart.com/podcast/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.instagram.com
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.last.fm/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000005.00000003.2468353962.000001D419EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.2212384569.000001D419D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2468716969.000001D419D54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3242395390.00000251A99CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3242458403.000001C037CCD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000005.00000003.2167269524.000001D41B723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000B.00000002.3243967746.00000251A9A00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3241426052.000001C037980000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000005.00000003.2627924855.00001CF4AE480000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.office.com
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000005.00000003.2211899338.000001D419EE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2209599810.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2468170299.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2210969392.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167269524.000001D41B71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412344259.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167240553.000001D41B799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2862405017.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2167043959.000001D41DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2366388133.000001D41B79C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.tiktok.com/
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000005.00000003.2365680164.000001D41DC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2862466489.000001D41B787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000005.00000003.2695729511.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403846103.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2818307473.000001D4202AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2364403819.000001D4202AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: 6e3bd5fe-a688-4f51-9253-d4342748b244.tmp.8.drString found in binary or memory: https://y.music.163.com/m/
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0065EAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0065ED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0064AA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00679576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00679576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1994685969.00000000006A2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a6a73392-3
Source: file.exe, 00000000.00000000.1994685969.00000000006A2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_b0d57ba4-6
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001C037B12377 NtQuerySystemInformation,17_2_000001C037B12377
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001C037B39A32 NtQuerySystemInformation,17_2_000001C037B39A32
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0064D5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00641201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00641201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0064E8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 005FF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 005E9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00600A30 appears 46 times
Source: file.exe, 00000000.00000003.2000849532.0000000001526000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename. vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal64.evad.winEXE@71/274@27/21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006537B5 GetLastError,FormatMessageW,0_2_006537B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006410BF AdjustTokenPrivileges,CloseHandle,0_2_006410BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006416C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_006416C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006551CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_006551CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_0064D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0065648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005E42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_005E42A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0192cd33-9172-47a9-9a46-28dadcc30122.tmpJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: file.exeReversingLabs: Detection: 13%
Source: file.exeVirustotal: Detection: 18%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2212,i,6395724042626035195,6606384849668653806,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee138101-8735-4392-af58-cbb5f6ca004b} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d56fb10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6964 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7144 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -parentBuildID 20230927232528 -prefsHandle 4036 -prefMapHandle 1536 -prefsLen 26172 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0faffddc-4c99-437b-8802-7a5511723355} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d579b10 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7572 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8416 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8000 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2212,i,6395724042626035195,6606384849668653806,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee138101-8735-4392-af58-cbb5f6ca004b} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d56fb10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -parentBuildID 20230927232528 -prefsHandle 4036 -prefMapHandle 1536 -prefsLen 26172 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0faffddc-4c99-437b-8802-7a5511723355} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d579b10 rddJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6964 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7144 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7572 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8416 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8000 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8Jump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2415107367.000001D41F600000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005E42DE
Source: gmpopenh264.dll.tmp.5.dr | Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006682F7 pushad ; ret 0_2_006682F8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00600A76 push ecx; ret 0_2_00600A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005FF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_005FF98E
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00671C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00671C41
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep | graph_0-94878
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001C037B12377 rdtsc 17_2_000001C037B12377
Source: C:\Users\user\Desktop\file.exe | API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0064DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0064DBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0061C2A2 FindFirstFileExW,0_2_0061C2A2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006568EE FindFirstFileW,FindClose,0_2_006568EE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0065698F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0064D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0064D076
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0064D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0064D3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00659642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00659642
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0065979D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00659B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00659B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00655C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00655C97
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005E42DE
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001C037B12377 rdtsc 17_2_000001C037B12377
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065EAA2 BlockInput,0_2_0065EAA2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00612622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00612622
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005E42DE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00604CE8 mov eax, dword ptr fs:[00000030h] 0_2_00604CE8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00640B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00640B62
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00612622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00612622
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0060083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0060083F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006009D5 SetUnhandledExceptionFilter,0_2_006009D5
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00600C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00600C21
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00641201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00641201
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00622BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00622BA5
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0064B226 SendInput,keybd_event,0_2_0064B226
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006622DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_006622DA
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00640B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00640B62
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00641663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00641663
Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00600698 cpuid 0_2_00600698
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00658195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00658195
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0063D27A GetUserNameW,0_2_0063D27A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0061B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0061B952
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_005E42DE
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00661204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00661204
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00661806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00661806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire Infrastructure2
Valid Accounts
1
Native API
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
21
Input Capture
2
System Time Discovery
Remote Services1
Archive Collected Data
2
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault AccountsScheduled Task/Job2
Valid Accounts
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol21
Input Capture
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection
2
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin Shares3
Clipboard Data
3
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
Valid Accounts
1
DLL Side-Loading
NTDS15
System Information Discovery
Distributed Component Object ModelInput Capture4
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
Access Token Manipulation
1
Extra Window Memory Injection
LSA Secrets131
Security Software Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
Process Injection
1
Masquerading
Cached Domain Credentials1
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
Valid Accounts
DCSync3
Process Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Virtualization/Sandbox Evasion
Proc Filesystem1
Application Window Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
Access Token Manipulation
/etc/passwd and /etc/shadow1
System Owner/User Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
Process Injection
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Behavior Graph (image not reproduced): ID: 1498487, Sample: file.exe, Startdate: 24/08/2024, Architecture: WINDOWS, Score: 64

Source | Detection | Scanner | Label | Link
file.exe | 13% | ReversingLabs | |
file.exe | 18% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness | false | URL Reputation: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
23.200.0.42 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
13.107.246.41 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.44.201.37 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false
142.251.40.129 | unknown | United States | 15169 | GOOGLEUS | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
52.222.236.120 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false
142.251.16.84 | unknown | United States | 15169 | GOOGLEUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
142.250.64.100 | unknown | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
142.250.80.78 | unknown | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.251.32.110 | unknown | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
IP
192.168.2.5
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1498487
Start date and time:2024-08-24 22:02:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:25
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal64.evad.winEXE@71/274@27/21
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 36
  • Number of non-executed functions: 314
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 204.79.197.239, 13.107.21.239, 64.233.167.84, 142.250.181.238, 13.107.6.158, 2.19.126.145, 2.19.126.152, 216.58.206.35, 142.250.186.99, 2.23.209.140, 2.23.209.130, 2.23.209.133, 2.23.209.182, 2.23.209.187, 2.23.209.149, 2.23.209.189, 2.23.209.185, 2.23.209.179, 20.103.156.88, 138.113.27.176, 192.229.221.95, 2.22.61.56, 2.22.61.59, 172.217.16.206, 216.58.206.78, 142.251.40.99, 142.251.40.227, 142.250.65.227, 142.250.81.227, 142.250.72.99, 142.250.65.195
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, api.edgeoffer.microsoft.com, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-mse
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6439
                                                              Entropy (8bit):5.141877099339374
                                                              Encrypted:false
                                                              SSDEEP:192:YDKMimATcbhbVbTbfbRbObtbyEznpnSrDtTZdB:oP2cNhnzFSJ7nSrDhZdB
                                                              MD5:A11A4267DDBDCA3DFF067F1875849A52
                                                              SHA1:DD709A2118D40A9FDCFD1F3024F16D37AC2D866F
                                                              SHA-256:0120BFFDE726A556A944DFB372CC6275849C224370B5ABA820DC915FF36AA812
                                                              SHA-512:7265FB57273EA8CB8DD06824609B272CFDBE7F7D2FB2CDA4AB6028D0B157DC845EDB6C456761E1C8CFAA301FC74C68AE1FC9E6EF23E756E539F2A299C25E09D5
                                                              Malicious:false
                                                              Preview:{"type":"uninstall","id":"de10c3d9-046b-408e-943e-b6cb52961ef7","creationDate":"2024-08-24T21:14:32.801Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44137
                                                              Entropy (8bit):6.090728521811828
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMBwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynER6mtbz8hu3VlXr4CRo1
                                                              MD5:04296588DD63D973B40FBC8362A4827C
                                                              SHA1:0C931852D395A5961B84B3F83FB6D9C89FC338A1
                                                              SHA-256:5CC687445C8356EED6510003B7CD7844D50231F0D590D3BDB93EB46F2097B7F3
                                                              SHA-512:31311FF0252888AC848381946E1B805AAFF44286C750350875DD3C6F749455FADA456EF35A4F44BE0E003D441BF9C702B645BD85B730EF818640D939C78A3250
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):45938
                                                              Entropy (8bit):6.088515104330725
                                                              Encrypted:false
                                                              SSDEEP:768:mM7X2zt1jKYqHkZeM9OFFxhDO6vP6OstxA0srnwta4am7PCAohGoup1Xl3jVzXra:mMSzvKYqst9OS6Mz+9mLRohhu3VlXr49
                                                              MD5:E9D18A06503968DFFC665B27C9F7FFE5
                                                              SHA1:B9F11462634CABE7267881BB493BDB0CAEAB46F2
                                                              SHA-256:DD4470326BDF7CEEFADE5D935B377B21B85A812CA31CACF5DFD365D1D6EA93A0
                                                              SHA-512:7B7AD167239ADA8728B38B3A3AD13CB94D704EDC8B574F0602F4633CF043B2C7460CDB90E6B2A980589947FCDEAF8A265F9CC57FCD23AB112E77D7DAC842FA89
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):44600
                                                              Entropy (8bit):6.095692056820429
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBhwu0hDO6vP6OstxAoArX4/XdkcGoup1Xl3jVzXr2:z/Ps+wsI7ynEv6MzIchu3VlXr4CRo1
                                                              MD5:D57B465AC1BC4B63F6E8500BFA49E8C8
                                                              SHA1:77AAC886884DACB2690735D3AC8C2A215F54E76A
                                                              SHA-256:91E0C886D8CB4489380BB6A22A4190E36CA1612CC6938262AB1376CD8806E6D6
                                                              SHA-512:AC255432896FF4D3CDB0216B42219BCB26324C15BF24E325CDFB7696709E6704702B5DC52AE14D0526D7E28CFC4DCBA0133421F50FE4E9718485AFB66D6FB45D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44656
                                                              Entropy (8bit):6.096216983170373
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBSwu0hDO6vP6OstxA0srnwtacGoup1Xl3jVzXr4CW:z/Ps+wsI7yOEK6Mz+chu3VlXr4CRo1
                                                              MD5:E6E9A88979E7CBA9BE03EBB36FAAA061
                                                              SHA1:CCA68855F6E0F5B57302880FF7619ADDC6DF3C0C
                                                              SHA-256:D74092F1FB3A506533B480CB8A59F9895C32687B47821B77501C42ADCBEA79E9
                                                              SHA-512:5132A4B81B53360EF40C880391F49BF68DC98E5DA8FEF7291D7F78DBD72265CB159E685B2FE66DD170499BE95F74BE5760DDAB0B17D2FB5E1923952E0C22D710
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640169812365318
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7g:fwUQC5VwBIiElEd2K57P7g
                                                              MD5:D317A1069717AF45FC861714DD0A22C5
                                                              SHA1:35541055A1413A913A3367FBEC466E4B7ABC21A6
                                                              SHA-256:5575BEA8664FF1D946BDF20A229510DB85D24B8722CBFBD0DC77583D93900EF3
                                                              SHA-512:ABDDB701867F9D4322511ED7E2DC8EF0596C11CE6573F0CF1469C527B27CD13BADCA877E53050200FFAF4CC0269CDAA1AF4B885A1BE30364C44026DBD89667F3
                                                              Malicious:false
                                                              Preview:{"sites":[
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640169812365318
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7g:fwUQC5VwBIiElEd2K57P7g
                                                              MD5:D317A1069717AF45FC861714DD0A22C5
                                                              SHA1:35541055A1413A913A3367FBEC466E4B7ABC21A6
                                                              SHA-256:5575BEA8664FF1D946BDF20A229510DB85D24B8722CBFBD0DC77583D93900EF3
                                                              SHA-512:ABDDB701867F9D4322511ED7E2DC8EF0596C11CE6573F0CF1469C527B27CD13BADCA877E53050200FFAF4CC0269CDAA1AF4B885A1BE30364C44026DBD89667F3
                                                              Malicious:false
                                                              Preview:{"sites":[
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.4725230603086783
                                                              Encrypted:false
                                                              SSDEEP:6144:Ub6C4ocpSXFnPaHSejn1kNPeqfwbGaHu:kTFnCJ1H9
                                                              MD5:AD2899C160265A8C893F5BCA1F043B03
                                                              SHA1:136DE5052AE7D7E97E02069EA1FBEF059CFB6C63
                                                              SHA-256:DA661E4D6187FEDF6C0E6B8752BE9D18253E252FEF1B64A5FA0949A001E26190
                                                              SHA-512:84A431D22912FD20E2698578D0168D7449746D5679EB2FEA8EF29EBD5D8215FE213B6EE7D2229F87AFF998816E092608A37A6782FA0FE68C2F7576094BD5A8A6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):280
                                                              Entropy (8bit):4.132041621771752
                                                              Encrypted:false
                                                              SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                              MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                              SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                              SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                              SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                              Malicious:false
                                                              Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13118
                                                              Entropy (8bit):5.284795999548525
                                                              Encrypted:false
                                                              SSDEEP:192:stuJ99QTryDigabatSuyis59nsZihprQkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stuPGKSuBs59nfhpNbGeQx6W1aTYm
                                                              MD5:BECE849C4770584E8DF34EB1640C4297
                                                              SHA1:6BFA7C12919AEE5D2EE9A4BF4F1DD2D2BEAE620D
                                                              SHA-256:198324547108C7147F3FF67F8712678F065146B79D78B94AB398BEBA5B516859
                                                              SHA-512:909914B3371012A93B679EF02B9944707C2A17A9C4FEBAAEE325D0B6963209B782D22498A01B84C085C14945074ED3BD0F1489707224F69904F1A83883EF35EF
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13283
                                                              Entropy (8bit):5.282295964466435
                                                              Encrypted:false
                                                              SSDEEP:192:stuJ99QTryDigabatSuyis59nsZihprQkBO3E8abV+FYpQA66WWBlaFIMY6PsYJ:stuPGKSuBs59nfhpNbGeQx6WQlaTYm
                                                              MD5:FEF65BBC1AA80FF52F7C0D503BB3461A
                                                              SHA1:23C1700D0762E06AA8782A00C8506D99D34BAE13
                                                              SHA-256:AAF01D1ED6EF11966C7BBF53E27B1879D359D5543D4368E6FF9675EEB675EF40
                                                              SHA-512:03A9638255C542B8199212AD094C96AE6DE7924943EBAC16BB49B47C906400500820DDEA664157E8BD8FEE2FBC3BA7139AC9D91BFF5B36DCDBA1E0B62198E6F4
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):26889
                                                              Entropy (8bit):5.576299818437572
                                                              Encrypted:false
                                                              SSDEEP:768:H5i91DWPvvff28F1+UoAYDCx9Tuqh0VfUC9xbog/OVV4IOR77rwap1tuc:H5i91DWPvvff2u1jag4IQ7QEtj
                                                              MD5:9E32E80B57F69D68B4CA69C62C95CC2F
                                                              SHA1:B149743D8ECC749A27E656C890050E771280E6E6
                                                              SHA-256:C3E5D47D313F42B9E28415D7A7CA38C45843779D5649EDEC2169A67C95C933EA
                                                              SHA-512:B0DD016415D0CCC5E919753CA6DDD93E24D65FFB2AC14041E02A0CD900A7044462D676379F2152C30BCACF6D4639689AE4261F8637C5AA217D5BBB7991DAF187
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369003376247857","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369003376247857","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):3.5394429593752084
                                                              Encrypted:false
                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):307
                                                              Entropy (8bit):5.2389013556819055
                                                              Encrypted:false
                                                              SSDEEP:6:N71923oH+Tcwtp3hBtB2KLlLuWw1yq2P923oH+Tcwtp3hBWsIFUv:NuYebp3dFL1Jv4Yebp3eFUv
                                                              MD5:431C5D184E59BAF7A4EA84E39DFE52D3
                                                              SHA1:9FA347F6AF33128731CCBEE5827140CFD030745E
                                                              SHA-256:A0A5A96ED0967C1B5F437717802B906B57B1CEDC737EBBBDC06819E8FE47288A
                                                              SHA-512:2679811E346F3C089BAB539DE013885BACE05FC5F872B2CF8CD1A2631BF6937DC82BF40FB8414F64B69E0F9A5041A8DB14CB0E7AE4A8B258DA393804E8D2B62E
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:02.896 a50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/08/24-16:03:04.635 a50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):2163821
                                                              Entropy (8bit):5.22288099164234
                                                              Encrypted:false
                                                              SSDEEP:24576:v+/PN8FUfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8ifx2mjF
                                                              MD5:63772F347F94D417756C2FE135B865A1
                                                              SHA1:9C67609F26FBC6BC56BB9B9DFFD1863EE10CC35A
                                                              SHA-256:0FD62C648D79998BD640450D6EE6ED3CF3FE1967AE0236B3CEA918A3D6876E87
                                                              SHA-512:3AF1E0A8C87AF47CE6D8E37786D5926BDD9F7FC513CC4BC58B6B0CEC31CDF83324AC24D883049A031879A78DB7CB91904E551DB1D45653D9D2DDA620BCD9D8EF
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):336
                                                              Entropy (8bit):5.1450905003801415
                                                              Encrypted:false
                                                              SSDEEP:6:NiR+q2P923oH+Tcwt9Eh1tIFUt88VUQAWZmw+8q/iVkwO923oH+Tcwt9Eh15LJ:No+v4Yeb9Eh16FUt88+QAW/+8nV5LYe8
                                                              MD5:141332B2810502AECE2867C8EC276F50
                                                              SHA1:0B5EF73ECCAD30B3799AA46F96949181E4851F85
                                                              SHA-256:54FB2DA13305B060A3E52431B4A5C88A0BF61D3FC3C06CC136D6DB651F31CF1D
                                                              SHA-512:CBEE6D8056C9D0A4961C6F8BBF00F33DCCA858C6852DAEFD8C0732C587C4C8539E28C9B13F764180B726652A90150CC35F3A2849E78A0C007929A6EBCC687B09
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:02.759 213c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/24-16:03:02.761 213c Recovering log #3.2024/08/24-16:03:02.772 213c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.4652316645756881
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNj2:TouQq3qh7z3bY2LNW9WMcUvBk
                                                              MD5:3FEAB9168C339C1AF90BE1107F49D6D0
                                                              SHA1:379C372EDC8515605D5F70378DAB1DBACB957AC8
                                                              SHA-256:0C3DB54DC0E1FF61C8074A1EA4C516A81C85196AEEBD9247FC8C039839883FA7
                                                              SHA-512:88E93C45C91D940EF379CC5B04A78CD5D4377CFB8CA566D37A5E4811856371C5F6CDC1380ADB610CB653649FC31081358FB36723BFDD7FECF849AB11BA247A63
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):10240
                                                              Entropy (8bit):0.8708334089814068
                                                              Encrypted:false
                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):635774
                                                              Entropy (8bit):6.012183659776851
                                                              Encrypted:false
                                                              SSDEEP:12288:eKY6rpp/82GXDV9cna1/eIek1MTfLninC2cctsJlGX9URyNPpa:PXG9XKS/e4xngoI8X9U9
                                                              MD5:77B3B72C15C17A12B168C2C1F760BA67
                                                              SHA1:2B9AE8FFA0485CEB9A8566E1F4BE0BB4142525D0
                                                              SHA-256:9CF553A7ADE051A9F5F4323CE3AD213147E60FEDF5E6D1771340DB36A723C470
                                                              SHA-512:318D98C731E9D06CAAB89A808B1291A65ABAED32CF4084B635E180CA876E56B7BF116CA7440CDC6352B1EA18C5A3BD975CE66FFF822DAB1F2CED2C41F25CD721
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1...W.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3763266,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):142
                                                              Entropy (8bit):5.004687781522849
                                                              Encrypted:false
                                                              SSDEEP:3:yW/38E28xp4m3rscUSXRrhXkSjPNNlltlf+nETPxpK2x7L7EFtC4bXUFisn:F38D8xSEsIXRreSzNt+n0PxEWTEHzcFn
                                                              MD5:442E06526809C4B99E2E515CF54BB311
                                                              SHA1:17D489DB2E9D352302A9E0260B0C09124509C45E
                                                              SHA-256:F84F73C3555AFA010A897FBF17E63C437B918E16756BFD7CF28C0C20B2B2946F
                                                              SHA-512:4489FACAF20958B310B8F0E92A6AC31CE3ED5E0990CD734DF905C52F42A3BD467648E81215B0684168EC2F6EBC83FE657CCBDBD66602553ECC60BAD4F8A3D0DE
                                                              Malicious:false
                                                              Preview:.oi,9................BLOOM_FILTER_EXPIRY_TIME:.1724616182.272775.N .G................BLOOM_FILTER_LAST_MODIFIED:.Sat, 24 Aug 2024 19:23:21 GMT
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):635749
                                                              Entropy (8bit):6.0117261268484015
                                                              Encrypted:false
                                                              SSDEEP:12288:xKO6rcp/75GjDVBc4a1JpIek1bBfmnoC2cctsJlG09bRykPje:8UV0jzSJp4dgoa809bu
                                                              MD5:CBB0FF72213C7EBD1CF626DE40A0724E
                                                              SHA1:CC798EF05D1FB411AF67797BD876B78FAC907C21
                                                              SHA-256:6E6192FDA4EBBE0C0BF83C0AB0A70920EB8CC45A9C4C21191B2DCC27B72D7404
                                                              SHA-512:755D68BAFB4A45BB90E98F46BD2088B97D1E8DA6D2C7970FF2FAC6DE7000D599AE85692CEAA5EC0F4291C1DC581053487F2FC0BD1A12527C32FCF9CDFF2D1B0A
                                                              Malicious:false
                                                              Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3763266,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):5.257488752685835
                                                              Encrypted:false
                                                              SSDEEP:12:NF4q3+v4Yebn9GFUt88F4NN1/+8F4NfV5LYebn95Z9LHcxf011xfd21K8zO7h:NFtM4Yeb9ig88F6N7F6fLYeb9zd51ouh
                                                              MD5:4AE1983FCAEB154C42D212C894833FBE
                                                              SHA1:D5DE81C61BF5F2A0CD3849A1BD12B1F65DA077D3
                                                              SHA-256:C4FA247CC7AF5017B86D46ABCCED44AD7E2A5AE34E4869BD61415701828D6005
                                                              SHA-512:3871FB42642AD08FD27A39C867F893A4637EC033AF131DA3AE6535B5227C57680A28AE20E8E0127AF731CD430311F6983215180416973FEEACFC56F5CDD5EDDF
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.278 1c9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/24-16:02:56.279 1c9c Recovering log #3.2024/08/24-16:02:56.279 1c9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/08/24-16:03:02.298 1c40 Level-0 table #5: started.2024/08/24-16:03:02.323 1c40 Level-0 table #5: 635749 bytes OK.2024/08/24-16:03:02.325 1c40 Delete type=0 #3.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):103
                                                              Entropy (8bit):5.287315490441997
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjFknThind5xFxN3erkEtl:scoBY7jFNbxFDkHl
                                                              MD5:50F2E2220E861B065523A7BF869F083F
                                                              SHA1:D2DEE8DCE8A80B9D2A92A7EEEB816236E41F66CF
                                                              SHA-256:86624A8B251E70CB9FAE87CBF77A7DFE3814FA6D019E8CC33EEEC82FB66380C0
                                                              SHA-512:E96674D4F0AD9C6CC701AE22D7CE2EB57B03001351D165FC4DBA0A5642B1851BA4F735457DF00681E0F07843F87A61259727FD900B4678009E3493200E424250
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator.......GP.7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6141808316244253
                                                              Encrypted:false
                                                              SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jy3Op4zmL:TO8D4jJ/6Up+z
                                                              MD5:E9BF320706A322CEEEAEC9D27D42F85C
                                                              SHA1:8FAE8C2CC24F3E5A131F9D76FF4F92158A6AD7BC
                                                              SHA-256:24E5EEC583D96F17FD52743A3D2AF9A3AB572B9E67C552F6BC8D15C5A6F2E7D2
                                                              SHA-512:11B76B1F02397CC8AADB0411164B15A3ADE76790BA2014CCF247BC959D43A9AC3D03AB27DD4D9C43626480A7730E25BCAC57A5D2837B79CA799FF73E13ED76BF
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):375520
                                                              Entropy (8bit):5.354147178644011
                                                              Encrypted:false
                                                              SSDEEP:6144:ZA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:ZFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                              MD5:4355311634F7D30EC7D580316C874831
                                                              SHA1:A392029B6DADC5A92EEE11B7F781BFB9944547DC
                                                              SHA-256:0B4627B69104D039152BEF6DC14314F4F057BDF2285A6A969A9926232D0AB7C8
                                                              SHA-512:5B0DEE88A4FACA3B40010FC6D1BCD2D8CA83E733E16F0DA58BE5497517F4CF638A3545D4AF4BF28629ED38CFF019FFD05EFB50E5DA4B8D81C0BAA7D501F7806D
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1...q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369003384502366..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):311
                                                              Entropy (8bit):5.165509954903245
                                                              Encrypted:false
                                                              SSDEEP:6:NbSm21923oH+Tcwtk2WwnvB2KLlLdDM+q2P923oH+Tcwtk2WwnvIFUv:NbSmTYebkxwnvFL1lM+v4YebkxwnQFUv
                                                              MD5:7F62CD1F873FF0E119E37BF5A5A0E233
                                                              SHA1:F89FA8346EFE4DF4DA653119D41ED877D5D589CB
                                                              SHA-256:E814A6C928C1DAC8538D81A591644AEA762032C574D97565202588E15FB4AE22
                                                              SHA-512:8389C7F414B03FEB8F095E09D6F172B34F34140930FA25F1D80C7DF0365B57160A5D0B87AE046B9A8F60269D38B0E1DC459A6CBC30A4A921A921F8905ED5678A
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:02.787 216c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/24-16:03:02.828 216c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):358860
                                                              Entropy (8bit):5.324629298480613
                                                              Encrypted:false
                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RZ:C1gAg1zfvR
                                                              MD5:08F092F8EBB825026FE470FF4C708270
                                                              SHA1:1B02A4B4FF39B5253C94310D62D6C089C489F594
                                                              SHA-256:B9797AAB07A89F38362F7ACC4E7F33FD9DDF8C362B5300BB5F48A07DD63A1927
                                                              SHA-512:FB517F2692974013D5E637FD4BFDFB7537CA7EFD1C6C2956880DDEBA50BEAE44936A638F6BE51A1EFD53B5872E7F8C111A12AB554C22B7DA40876B28385B298E
                                                              Malicious:false
                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.206269359666033
                                                              Encrypted:false
                                                              SSDEEP:6:NF4wPq2P923oH+Tcwt8aPrqIFUt88F48Zmw+8F48kwO923oH+Tcwt8amLJ:NF4wPv4YebL3FUt88F48/+8F485LYebc
                                                              MD5:8C1C3575472618D3B9F44DFAAB970EB3
                                                              SHA1:F646075FE51B82488FC68FF8DCC15AE2A76736EC
                                                              SHA-256:7AE22C453B2501189D24F2B5C9ED82E06E0780F19531DCE1B8CD10050CAAD408
                                                              SHA-512:F1A1D428F4B7E745E1DBEAA8E273FA3F06CCE881D5C60A180679B2764D8D8E94F199980542ADCF788E3129CFB746B5240AC1F38B361C530DF461C86698235BD2
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.319 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/24-16:02:56.325 1c94 Recovering log #3.2024/08/24-16:02:56.325 1c94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.206269359666033
                                                              Encrypted:false
                                                              SSDEEP:6:NF4wPq2P923oH+Tcwt8aPrqIFUt88F48Zmw+8F48kwO923oH+Tcwt8amLJ:NF4wPv4YebL3FUt88F48/+8F485LYebc
                                                              MD5:8C1C3575472618D3B9F44DFAAB970EB3
                                                              SHA1:F646075FE51B82488FC68FF8DCC15AE2A76736EC
                                                              SHA-256:7AE22C453B2501189D24F2B5C9ED82E06E0780F19531DCE1B8CD10050CAAD408
                                                              SHA-512:F1A1D428F4B7E745E1DBEAA8E273FA3F06CCE881D5C60A180679B2764D8D8E94F199980542ADCF788E3129CFB746B5240AC1F38B361C530DF461C86698235BD2
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.319 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/24-16:02:56.325 1c94 Recovering log #3.2024/08/24-16:02:56.325 1c94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):328
                                                              Entropy (8bit):5.208635761994918
                                                              Encrypted:false
                                                              SSDEEP:6:NF4gPq2P923oH+Tcwt865IFUt88F4dRZmw+8F4dLkwO923oH+Tcwt86+ULJ:NF4gPv4Yeb/WFUt88F4L/+8F4B5LYebD
                                                              MD5:1E08CA104BAEB0F3D89034A557FE9FA3
                                                              SHA1:46F05F208E351A96FEDBE0BD71F68234C7BBC9BC
                                                              SHA-256:DACE97A42434B889C7677AB02E37895C0036AA85E91D924E46852CFD66F37C8A
                                                              SHA-512:48A859CB5AB01DE658F2A2CE49ED716C1F9F6D494266D3211FD7EE2A8ADB81461AD51A6E599393BEDA28E08E7F9412E54E917364752153C94770723C2226CF0F
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.355 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/24-16:02:56.360 1c94 Recovering log #3.2024/08/24-16:02:56.360 1c94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):328
                                                              Entropy (8bit):5.208635761994918
                                                              Encrypted:false
                                                              SSDEEP:6:NF4gPq2P923oH+Tcwt865IFUt88F4dRZmw+8F4dLkwO923oH+Tcwt86+ULJ:NF4gPv4Yeb/WFUt88F4L/+8F4B5LYebD
                                                              MD5:1E08CA104BAEB0F3D89034A557FE9FA3
                                                              SHA1:46F05F208E351A96FEDBE0BD71F68234C7BBC9BC
                                                              SHA-256:DACE97A42434B889C7677AB02E37895C0036AA85E91D924E46852CFD66F37C8A
                                                              SHA-512:48A859CB5AB01DE658F2A2CE49ED716C1F9F6D494266D3211FD7EE2A8ADB81461AD51A6E599393BEDA28E08E7F9412E54E917364752153C94770723C2226CF0F
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.355 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/24-16:02:56.360 1c94 Recovering log #3.2024/08/24-16:02:56.360 1c94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1254
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.170927937877136
                                                              Encrypted:false
                                                              SSDEEP:6:NF44LvIq2P923oH+Tcwt8NIFUt88F44qZZmw+8F446OkwO923oH+Tcwt8+eLJ:NF44LAv4YebpFUt88F44qZ/+8F4435LO
                                                              MD5:953C828F27787315CEF80E34BC2FDCF2
                                                              SHA1:B5D7665696DE1F8AE0A43E43F03F3055DE1237F6
                                                              SHA-256:CA4416D89959E977D51F6C777D2BD99C8ED5284169D927CA35BF04973BEDA77D
                                                              SHA-512:71380C824BFFEFF93374DE9F96286060878A64F5051940411C84993BEEC1D25CF884390BC39BE1514324C38783465F812C57A48A4A97F8294A9E45464FA08070
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:57.121 1c40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/24-16:02:57.128 1c40 Recovering log #3.2024/08/24-16:02:57.129 1c40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.170927937877136
                                                              Encrypted:false
                                                              SSDEEP:6:NF44LvIq2P923oH+Tcwt8NIFUt88F44qZZmw+8F446OkwO923oH+Tcwt8+eLJ:NF44LAv4YebpFUt88F44qZ/+8F4435LO
                                                              MD5:953C828F27787315CEF80E34BC2FDCF2
                                                              SHA1:B5D7665696DE1F8AE0A43E43F03F3055DE1237F6
                                                              SHA-256:CA4416D89959E977D51F6C777D2BD99C8ED5284169D927CA35BF04973BEDA77D
                                                              SHA-512:71380C824BFFEFF93374DE9F96286060878A64F5051940411C84993BEEC1D25CF884390BC39BE1514324C38783465F812C57A48A4A97F8294A9E45464FA08070
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:57.121 1c40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/24-16:02:57.128 1c40 Recovering log #3.2024/08/24-16:02:57.129 1c40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):429
                                                              Entropy (8bit):5.809210454117189
                                                              Encrypted:false
                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                              Malicious:false
                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):2.445538175637836
                                                              Encrypted:false
                                                              SSDEEP:96:0BCymIzQzdfHelS9nsH4/AztcfuuoKwqQsde:mNm2QJvsHXzCfPo1qQD
                                                              MD5:292230FBAB67FC3842122A89FA31A049
                                                              SHA1:CEACF52A2AD070C2644FC6454598304DF6ABE3CD
                                                              SHA-256:7E034819C2178395BA08FC76B7ED72C870A06CB703281ECF5611EDCFBD14161B
                                                              SHA-512:C107C1856AFB0F04BE4E8DB151836A9F473D1C4AC806B9084C5272FF53DA6AEC26D9ED97627704E9D8CC4E4F7FC1A9BEFB50E6E83603726D9E2D36BEF30CFE61
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):155648
                                                              Entropy (8bit):0.6768404335473722
                                                              Encrypted:false
                                                              SSDEEP:96:DQAhdPSwt8WyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEpk+QDd9:DQA7bXhH+bDo3iN0Z2TVJkXBBE3ybMQr
                                                              MD5:BDE7D5EA7AF7D86D97B10F85CCA2F692
                                                              SHA1:1B87DED2D910DD3303CB08459111A5518F674E3C
                                                              SHA-256:D6C526A59A1C49BE8F80BD7AF174F78F3190CD92475C0E525EC240AB7C43E606
                                                              SHA-512:FDDDA920821ECA3CF1CDA032A1F38849C682531F305F80B6810548F22697DE18E087BD06C2FEC211BC755CED69C761FCE9A00DCE6279ABBE4B3429E3ED958B2C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.21880421027789765
                                                              Encrypted:false
                                                              SSDEEP:3:PeRlntFlljq7A/mhWJFuQ3yy7IOWUIpwl/dweytllrE9SFcTp4AGbNCV9RUIRn:Ww75fOLl/d0Xi99pEYLn
                                                              MD5:8D8581C5B61EE3A60FBF87A2E2E4E4AF
                                                              SHA1:62B4A9C56E550BE05C682821D30CFBF720C40B05
                                                              SHA-256:112A672A97139C184DA44806B15D92F6C806026239434A77B795BA453154EEAE
                                                              SHA-512:5DE32604890C160F1579CEE6C43202E3CFDF8FD28DEB67073C2A48AEFCC08E3CFB473A455DAEECE9B4B44F156A14C94C703947FAA9A9C1172116A4D6CF998E2D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):3.648136367543165
                                                              Encrypted:false
                                                              SSDEEP:384:aj9P0OQkQerkjl5cbP/KbtIgam6IThj773pLLRKToaAu:adJe2ml+bP/SjF7NRKcC
                                                              MD5:AFA113B9927A62737C44C871815A4355
                                                              SHA1:0090F6FD8A2E6280F513D5DE8979F05DEB4F58DB
                                                              SHA-256:0D78C9F0496C38B4CDF7A9CF9E767558CF2F3A4C3D13F348EF7CF168C262E095
                                                              SHA-512:58FB40F9C1A2CC10F772A0507C8F2CF5D36EADAC39DB093EB08B3BA29F2539C470A737570130926E09847D52D2F4575ABA7DCA7195C07E88BF0319584F1E083C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):408
                                                              Entropy (8bit):5.2558666634325215
                                                              Encrypted:false
                                                              SSDEEP:12:NPyv4Yeb8rcHEZrELFUt88T/+8hiR5LYeb8rcHEZrEZSJ:Ng4Yeb8nZrExg885hALYeb8nZrEZe
                                                              MD5:AF4B6D767AAA0104CAFF3E64CE71F53D
                                                              SHA1:F79F878A0130C73452CCBAF007A2B2ED9F541A7A
                                                              SHA-256:0C898110FEF3BF4F00F922D10318CBDAAF3F0E5808FBA75DF5E2D66FC9F9CCFB
                                                              SHA-512:D38AC4F5FE56016EBFB1A4AA173B0E5CE8B43A8679D8CCD291CE0E98B3A1E8A433FE81493ADB552557BCA116A1E1E022169AB03F6727CE3E193DE5B14328FA76
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:02.246 1c38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/24-16:03:02.246 1c38 Recovering log #3.2024/08/24-16:03:02.247 1c38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):336
                                                              Entropy (8bit):5.168211879482294
                                                              Encrypted:false
                                                              SSDEEP:6:NF42Q7Oq2P923oH+Tcwt8a2jMGIFUt88F422rZmw+8F420hkwO923oH+Tcwt8a23:NF4sv4Yeb8EFUt88F4Pr/+8F475LYebw
                                                              MD5:C655B5128B315AB0BFDC9C149919E776
                                                              SHA1:39289BD30EDBB7E6282D6DDBCDC59FCC9C8CDF27
                                                              SHA-256:EAE8B2CAC38A5484412001F3C186BEBAAA58B71ABE2CA253ADAF244CE1742B86
                                                              SHA-512:11D4479353E1ACE9E030B4115D51B3CE6AD555BEC46EB0A736C18E3567675D960947F2502C18276D9A823B706E04AAE69EC0040309B9D1BC4E3973B6AAABE7A4
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.815 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/24-16:02:56.817 1da0 Recovering log #3.2024/08/24-16:02:56.819 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):24576
                                                              Entropy (8bit):0.40392658100938983
                                                              Encrypted:false
                                                              SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IVdC:TxKX0wxORAmA/U1cEB5IVdC
                                                              MD5:76FD81FCECBDCF883A3CC7F0C93DA674
                                                              SHA1:CD96E7C9408C8B669212CDF6B6F1A78C3FA23EDC
                                                              SHA-256:A49C61D4196ED2A85465B9716E6CE743DC9887716965207057F7725232BEF6D4
                                                              SHA-512:00E0298B4E5EAC64AF9E5545F3ACCAAD7A62719C57252EA318DF144B6116FF8B629C91CAA2D91C636D34FE31B88F2FBF2AFB4D5BE43F583C06E0F5DED639C0DA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2950
                                                              Entropy (8bit):5.310626610129285
                                                              Encrypted:false
                                                              SSDEEP:48:YcgCzspts31leeEsQMJacslrsgfc7kBRsM+H7sMYs7+Hxes+FCpHYIbx9+:FS41kexJaZd2kBv4Fb4GFIYIV9+
                                                              MD5:80EF093537AF875A8700C5407DF1C866
                                                              SHA1:4EEB0F84704C7FD0DFA7C10B280CB88C6E5D4D0B
                                                              SHA-256:C7AD75872E03229463253277875F3BD6C5121E4FBBCAD2638578E969917D2666
                                                              SHA-512:B48EF0E825DF73B189A21CD6A1548A047051895F182BCB9B828B69B6274336409F2FA2421E4912657B26E6542349EA7D8B029F6C7E4C36AE8A61AE1A613727B5
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595378347252","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595381161906","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595384327253","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",tru
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.333567605860227
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjsdT4ObRlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYQTPh:YWyWNQdT4ObRlBv31dB8wXwlmUUAnIM7
                                                              MD5:982160ED1F8C169699DB8D192D9C18D4
                                                              SHA1:E89549750E54A7522EB7482771354C2BF2271249
                                                              SHA-256:03B696BEA3556464712B6ABEEAD84C12F4A3BBE78E71AA8D9F6FF186F5E9A668
                                                              SHA-512:1A62CAC5CFF58AE27B261A2320F2B6E87204F72BF8731FFC17D72CF34EC9BE6B4BB95C6A3A59122FDB0CC46EDED47575780EF3DCD19A6259755CC787148727A8
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1756065786.824433,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724529786.824438}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.0813469719549995
                                                              Encrypted:false
                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8Bkx+ZjaBlOBae/soGVY/j5XOFyPr:ige+AudZFR+V45Zr
                                                              MD5:6D8D6D4E3544AB84A8760BB7720DD922
                                                              SHA1:4CEB9A2BB9C723656C0F53AE0748B1E79A83DB01
                                                              SHA-256:04D4C7FEEB0A888EA8401DB0B7030BF68785042F434F4CA204DF874E060DA052
                                                              SHA-512:2B17D4214147DFDA6E275246B2940727A11D477DD2E8545DBB4240AA247AC9937E2A8AEE8169419C5A8EC144C582764752A8DBF8C4F0FB9C51293FAC039D7CBE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2950
                                                              Entropy (8bit):5.3109866049710055
                                                              Encrypted:false
                                                              SSDEEP:48:YcgCzspts31leeEsQMJacslrsgfc7kBRsM+H7sMYs7+Hxes+FCpHYIbxo+:FS41kexJaZd2kBv4Fb4GFIYIVo+
                                                              MD5:11E800C2536FAD9048AD323B238CB4EF
                                                              SHA1:5E866DADC7973227FBCE0C04D3D67FD920FC721B
                                                              SHA-256:AF032E200C8812DC192E2822C5FBB5F88D163379372E9EA9B3ED336BB1A698A1
                                                              SHA-512:939D992A34BDF29F4038F0B2110CC6526C5C952F9486E22E5E18C0C7401A89F62F7A141C6EBAB2DC1465C5998E0445BE6A8AA055F246E99DB5CCAAD0DB94C617
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595378347252","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595381161906","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595384327253","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",tru
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):1.3298853091700917
                                                              Encrypted:false
                                                              SSDEEP:96:uIEumQv8m1ccnvS6mDo2dQF2YQ9UZ61OOdRVkI:uIEumQv8m1ccnvS6/282rUZ6Zhd
                                                              MD5:D3A156A8FD5AC414C13DF9F38A799A2F
                                                              SHA1:FAD3CE2BA7DA56C560A05B48D43B320AAB7780EC
                                                              SHA-256:5141387DBD844196D16850003F642C9B328C7473EE032D1016680C6EA6A53AFB
                                                              SHA-512:38BBAE50AE16EF9BAE5C1E6A89703FEA6073755018D9E5966006CC66B39BA6A9971A73719F100AE69CDCABF77076D9C45C17F7F6D2593A6664A75238B73729BE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.333567605860227
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjsdT4ObRlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYQTPh:YWyWNQdT4ObRlBv31dB8wXwlmUUAnIM7
                                                              MD5:982160ED1F8C169699DB8D192D9C18D4
                                                              SHA1:E89549750E54A7522EB7482771354C2BF2271249
                                                              SHA-256:03B696BEA3556464712B6ABEEAD84C12F4A3BBE78E71AA8D9F6FF186F5E9A668
                                                              SHA-512:1A62CAC5CFF58AE27B261A2320F2B6E87204F72BF8731FFC17D72CF34EC9BE6B4BB95C6A3A59122FDB0CC46EDED47575780EF3DCD19A6259755CC787148727A8
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1756065786.824433,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724529786.824438}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.333567605860227
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjsdT4ObRlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYQTPh:YWyWNQdT4ObRlBv31dB8wXwlmUUAnIM7
                                                              MD5:982160ED1F8C169699DB8D192D9C18D4
                                                              SHA1:E89549750E54A7522EB7482771354C2BF2271249
                                                              SHA-256:03B696BEA3556464712B6ABEEAD84C12F4A3BBE78E71AA8D9F6FF186F5E9A668
                                                              SHA-512:1A62CAC5CFF58AE27B261A2320F2B6E87204F72BF8731FFC17D72CF34EC9BE6B4BB95C6A3A59122FDB0CC46EDED47575780EF3DCD19A6259755CC787148727A8
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1756065786.824433,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724529786.824438}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2950
                                                              Entropy (8bit):5.3109866049710055
                                                              Encrypted:false
                                                              SSDEEP:48:YcgCzspts31leeEsQMJacslrsgfc7kBRsM+H7sMYs7+Hxes+FCpHYIbxo+:FS41kexJaZd2kBv4Fb4GFIYIVo+
                                                              MD5:11E800C2536FAD9048AD323B238CB4EF
                                                              SHA1:5E866DADC7973227FBCE0C04D3D67FD920FC721B
                                                              SHA-256:AF032E200C8812DC192E2822C5FBB5F88D163379372E9EA9B3ED336BB1A698A1
                                                              SHA-512:939D992A34BDF29F4038F0B2110CC6526C5C952F9486E22E5E18C0C7401A89F62F7A141C6EBAB2DC1465C5998E0445BE6A8AA055F246E99DB5CCAAD0DB94C617
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595378347252","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595381161906","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371595384327253","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",tru
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.339227914111711
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjj1LIEsXPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYQcBU2:YWyWNNfoBv31dB8wXwlmUUAnIMp5Yg+/
                                                              MD5:09CC0FF163B7F4D3CCDEA98B8629EC77
                                                              SHA1:73885D5491B2E257629CFE12FAB3D177E8D92563
                                                              SHA-256:B0E5DB4E8D3285CFABF53AB7E4D10564C3086B0D9D230B3BE1C290C84483F17D
                                                              SHA-512:439CF42EA3F1BBB6A35DC1733940738049A3E6FBFD1822A308EFA6ECEC9C0A8C8B44145E5CD381633B70466EB6D69FCA8181BB12C2C072DA33D7163E2989BEF7
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1756065846.364187,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724529846.364192}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.7391107375212417
                                                              Encrypted:false
                                                              SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isvhldvd0dtdjiG1d6XfN:TLSOUOq0afDdWec9sJAhvlXI7J5fc
                                                              MD5:A74BFDCBFB880F469AD54BEF7B1B0C88
                                                              SHA1:0012DD82FEB43839A30557EAF9E8DB2EB7259142
                                                              SHA-256:63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
                                                              SHA-512:203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9751
                                                              Entropy (8bit):5.114460606828757
                                                              Encrypted:false
                                                              SSDEEP:192:stukdis59nsZihUkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stups59nfhFbGeQx6W1aTYm
                                                              MD5:A07977A3A1F7B88ABE86D13E48F73DFC
                                                              SHA1:F69914DAC5A149D04BA7279041CC1D12104055CF
                                                              SHA-256:47D8E77C2B4D138102B6EDECD0C09CB6F116FA797A9C0ACFAE5B95C6BAABD20B
                                                              SHA-512:DDFF53BCBAE4FD7EF7F6A63140DCE94F1DCCD4449B74C560BE35B049EDDE8A89FA053916D814FEA01B68013A33DF0EA4DDBC531CE638E731AE4547076D4B6387
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9751
                                                              Entropy (8bit):5.114460606828757
                                                              Encrypted:false
                                                              SSDEEP:192:stukdis59nsZihUkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stups59nfhFbGeQx6W1aTYm
                                                              MD5:A07977A3A1F7B88ABE86D13E48F73DFC
                                                              SHA1:F69914DAC5A149D04BA7279041CC1D12104055CF
                                                              SHA-256:47D8E77C2B4D138102B6EDECD0C09CB6F116FA797A9C0ACFAE5B95C6BAABD20B
                                                              SHA-512:DDFF53BCBAE4FD7EF7F6A63140DCE94F1DCCD4449B74C560BE35B049EDDE8A89FA053916D814FEA01B68013A33DF0EA4DDBC531CE638E731AE4547076D4B6387
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9751
                                                              Entropy (8bit):5.114460606828757
                                                              Encrypted:false
                                                              SSDEEP:192:stukdis59nsZihUkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stups59nfhFbGeQx6W1aTYm
                                                              MD5:A07977A3A1F7B88ABE86D13E48F73DFC
                                                              SHA1:F69914DAC5A149D04BA7279041CC1D12104055CF
                                                              SHA-256:47D8E77C2B4D138102B6EDECD0C09CB6F116FA797A9C0ACFAE5B95C6BAABD20B
                                                              SHA-512:DDFF53BCBAE4FD7EF7F6A63140DCE94F1DCCD4449B74C560BE35B049EDDE8A89FA053916D814FEA01B68013A33DF0EA4DDBC531CE638E731AE4547076D4B6387
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9751
                                                              Entropy (8bit):5.114460606828757
                                                              Encrypted:false
                                                              SSDEEP:192:stukdis59nsZihUkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stups59nfhFbGeQx6W1aTYm
                                                              MD5:A07977A3A1F7B88ABE86D13E48F73DFC
                                                              SHA1:F69914DAC5A149D04BA7279041CC1D12104055CF
                                                              SHA-256:47D8E77C2B4D138102B6EDECD0C09CB6F116FA797A9C0ACFAE5B95C6BAABD20B
                                                              SHA-512:DDFF53BCBAE4FD7EF7F6A63140DCE94F1DCCD4449B74C560BE35B049EDDE8A89FA053916D814FEA01B68013A33DF0EA4DDBC531CE638E731AE4547076D4B6387
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):83572
                                                              Entropy (8bit):5.664085092533463
                                                              Encrypted:false
                                                              SSDEEP:1536:5L0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:5L6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                              MD5:7EA3FBCDF0A0386F091770FA001AEEC8
                                                              SHA1:C8E4076B5987F70C6C395CF3A0CFB166F74064B8
                                                              SHA-256:4A9BA9A8B22FC226B2337AD73A0954EEBB66BF2B6BC9488F0C146807339AE78C
                                                              SHA-512:59F327CE34B691EBB22E3D57A04BEA92741436932CC3DB11976DA724FDCF4F9A0198F3DA7FFE7D439414ED15265736473089EEC453CDADBA10B7E914E9F3AB6D
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.q.Sj...............(QUERY_TIMESTAMP:product_category_en1.*.*.13369003387941482..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):309
                                                              Entropy (8bit):5.171265714067756
                                                              Encrypted:false
                                                              SSDEEP:6:N1J1923oH+TcwtgctZQInvB2KLlLCDM+q2P923oH+TcwtgctZQInvIFUv:N1kYebgGZznvFL1CDM+v4YebgGZznQF2
                                                              MD5:D4397C028CBDC7E4C2069317635335F9
                                                              SHA1:C850CFA5297FA39F7394D45CAF39A082D3DCDBDC
                                                              SHA-256:8C1025E8A70BCE97B42B396DD488E5560CEECB5592BD463071AE61E6CE02E804
                                                              SHA-512:C6EFC824CEFB5E2042E87DAE56919F8FE0B446AE85B493C5A94332B521CA9F0871A31AECA43F5798F92AD6A16A9D09354D621F3FEF9C1D3F45E16210F2260A18
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:06.663 238c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/08/24-16:03:06.962 238c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):26889
                                                              Entropy (8bit):5.576299818437572
                                                              Encrypted:false
                                                              SSDEEP:768:H5i91DWPvvff28F1+UoAYDCx9Tuqh0VfUC9xbog/OVV4IOR77rwap1tuc:H5i91DWPvvff2u1jag4IQ7QEtj
                                                              MD5:9E32E80B57F69D68B4CA69C62C95CC2F
                                                              SHA1:B149743D8ECC749A27E656C890050E771280E6E6
                                                              SHA-256:C3E5D47D313F42B9E28415D7A7CA38C45843779D5649EDEC2169A67C95C933EA
                                                              SHA-512:B0DD016415D0CCC5E919753CA6DDD93E24D65FFB2AC14041E02A0CD900A7044462D676379F2152C30BCACF6D4639689AE4261F8637C5AA217D5BBB7991DAF187
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369003376247857","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369003376247857","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):440
                                                              Entropy (8bit):4.629459772759938
                                                              Encrypted:false
                                                              SSDEEP:12:S+a8ljljljljldmXUf90+CWQ3f9FnGz3A/XkAvkAvkAv:Ra0ZZZZkUfCtfHG0Xk8k8k8
                                                              MD5:124CA610514A9E853529BAC46AA4382F
                                                              SHA1:9C15172CF69DE45656DFAE4A29749D85E2A698B8
                                                              SHA-256:61F74950476A6C609B1F4E3F9A85B4E59292DDA785AD342C82BB28ABC4A5B612
                                                              SHA-512:C83FB15938175643FDB44A42950F1A6D6986BE73818C8BD69BA8E8EA73444B5C5C9B47E3CA597D9A52D90F746FEB533DB1E7F66152997057269AFB983D9AEAC3
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............&..Vj................next-map-id.1.Knamespace-045fee2c_436d_4ab4_b00d_0c9c72d9dcb6-https://accounts.google.com/.0...Qk................next-map-id.2.Lnamespace-045fee2c_436d_4ab4_b00d_0c9c72d9dcb6-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.121561328993955
                                                              Encrypted:false
                                                              SSDEEP:6:NF40iq2P923oH+TcwtrQMxIFUt88F4lZmw+8F4opVFkwO923oH+TcwtrQMFLJ:NF40iv4YebCFUt88F4l/+8F4opVF5LYM
                                                              MD5:85D9FBDD54F5FC3DC12050AFD01349A3
                                                              SHA1:99FF3AD1239C0E3F7689CE4865DB539F1ADBB806
                                                              SHA-256:4C074F94D9B115AB19B0BD507015654CEBB67731970FD668690B24B878659F46
                                                              SHA-512:3FA04725D5C4B727475121E0094202747CDAB5098A31FB6F99EBAAC895976BA3CE6098B7700548ECFF19C357FE72C3A516A41549D0B1ACD11626E99344A75E4D
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.881 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/24-16:02:56.882 1da0 Recovering log #3.2024/08/24-16:02:56.885 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):7961
                                                              Entropy (8bit):4.16460791495378
                                                              Encrypted:false
                                                              SSDEEP:96:31qb31Hxbfm231HxbfmsQZQ6nPmg1oa+GlOiGQRQ6nPmg1oNQ9eom3nGQE+:3sXlQZ3Pmg1ocl6QR3Pmg1oNQ9eom37
                                                              MD5:33E6920B1F3E5E6DE314203226CC2AA7
                                                              SHA1:BC57E12B69D0FD6D86A2AFB61DE5A04B18D9FBAD
                                                              SHA-256:C34AAB9AB798B0C669A4DDE1FCFB63EE24E3202A8E36E92576FC0655C212FF83
                                                              SHA-512:FF2756F7CB9E8A63771AA5EDE92B6C44351CFCBA30D13549F026418AC59ADD21A9218DA325100CE2FF9DF968A180847E27FB9189D1CF6D7F51B012615C822D71
                                                              Malicious:false
                                                              Preview:SNSS........j.*............j.*......".j.*............j.*........j.*........j.*........j.*....!...j.*................................j.*.j.*1..,....j.*$...045fee2c_436d_4ab4_b00d_0c9c72d9dcb6....j.*........j.*.....M..........j.*....j.*........................j.*....................5..0....j.*&...{98952893-68FF-4A5D-A164-705C709ED3DB}......j.*........j.*............................j.*................j.*o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.....................j.*................j.*o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.44194574462308833
                                                              Encrypted:false
                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):352
                                                              Entropy (8bit):5.16855982846011
                                                              Encrypted:false
                                                              SSDEEP:6:NF4i0fcMq2P923oH+Tcwt7Uh2ghZIFUt88F4CZmw+8F4ukwO923oH+Tcwt7Uh2gd:NF4N5v4YebIhHh2FUt88F4C/+8F4u5L0
                                                              MD5:3E6A1D38DFF1E822C5357458D496B63C
                                                              SHA1:6CF020185D7C82588C983AF1C1390FE7F89E73DE
                                                              SHA-256:19AA82C5023FCC7E848E72ADC9E8581508729A26339CE362318AAD2F1A06267E
                                                              SHA-512:0EC6B120424CB64D385171475D205054B3E30A333822D5BAC053F5605C0B72AD89E9458CDEE795815D31F0766B52EA5B7DC8020E51C313B6F3EE7A1C9E04D0C0
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.279 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/24-16:02:56.280 1c94 Recovering log #3.2024/08/24-16:02:56.280 1c94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):434
                                                              Entropy (8bit):5.244093157105085
                                                              Encrypted:false
                                                              SSDEEP:12:NF446v4YebvqBQFUt88F44N/+8F44fw5LYebvqBvJ:NFs4YebvZg88FnF2LYebvk
                                                              MD5:56486EECCE127E32512692F4C28F52BF
                                                              SHA1:82626B179E2C589CE6947C0FFA74D89F11F19420
                                                              SHA-256:5F3034741917222791DB1C86E43AACCC5E661500E7691F3FAAF0E3913AF89E06
                                                              SHA-512:10D0E86BD8AFD28503603974AB424EB37A5441212C051BB1564B70302801D92AD055F1E617518B2D6C95AB2BF3343553CB1A238E6D59A1AEF645F2A7A463759E
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:57.174 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/24-16:02:57.176 1da0 Recovering log #3.2024/08/24-16:02:57.179 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):144
                                                              Entropy (8bit):4.842082263530856
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                              MD5:ABE81C38891A875B52127ACE9C314105
                                                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.3886039372934488
                                                              Encrypted:false
                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):144
                                                              Entropy (8bit):4.842082263530856
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                              MD5:ABE81C38891A875B52127ACE9C314105
                                                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):80
                                                              Entropy (8bit):3.4921535629071894
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):422
                                                              Entropy (8bit):5.210567909160985
                                                              Encrypted:false
                                                              SSDEEP:6:NrONq2P923oH+TcwtzjqEKj0QMxIFUt88qZmw+8dakwO923oH+TcwtzjqEKj0QMT:Nrcv4YebvqBZFUt88q/+805LYebvqBaJ
                                                              MD5:9B06882038A765DE59E8EB5508A6F354
                                                              SHA1:729916ABDDFFA0B9E45F0CD47490E7CF32E21E95
                                                              SHA-256:CB0497ACF2FAA4C84150CE3C06E617F8A831FE1AED4B2B952AB4AF4D4E7E9223
                                                              SHA-512:20358D4738C278CCE3A42C16EEC4F3F767EDB3254965C8398391E6E3402BCC0D513B8607374AE501A22E189F8F7F1DA1859FEE8D1A55EFD6B4B1696329C09383
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:16.802 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/24-16:03:16.803 1da0 Recovering log #3.2024/08/24-16:03:16.805 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):422
                                                              Entropy (8bit):5.210567909160985
                                                              Encrypted:false
                                                              SSDEEP:6:NrONq2P923oH+TcwtzjqEKj0QMxIFUt88qZmw+8dakwO923oH+TcwtzjqEKj0QMT:Nrcv4YebvqBZFUt88q/+805LYebvqBaJ
                                                              MD5:9B06882038A765DE59E8EB5508A6F354
                                                              SHA1:729916ABDDFFA0B9E45F0CD47490E7CF32E21E95
                                                              SHA-256:CB0497ACF2FAA4C84150CE3C06E617F8A831FE1AED4B2B952AB4AF4D4E7E9223
                                                              SHA-512:20358D4738C278CCE3A42C16EEC4F3F767EDB3254965C8398391E6E3402BCC0D513B8607374AE501A22E189F8F7F1DA1859FEE8D1A55EFD6B4B1696329C09383
                                                              Malicious:false
                                                              Preview:2024/08/24-16:03:16.802 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/24-16:03:16.803 1da0 Recovering log #3.2024/08/24-16:03:16.805 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):328
                                                              Entropy (8bit):5.169919414641358
                                                              Encrypted:false
                                                              SSDEEP:6:NF4Avq2P923oH+TcwtpIFUt88F4sZZmw+8F4szkwO923oH+Tcwta/WLJ:NF4Ov4YebmFUt88F4A/+8F4o5LYebaUJ
                                                              MD5:13C0640A83673BEDABCC0D603B8A67C3
                                                              SHA1:E2A42B9DB3DFCA9383223E14ACAB9168E743B07F
                                                              SHA-256:3AD3886002BA8321D6D2F3F34B954D68BBF620A6C90B303C119841949D624E6A
                                                              SHA-512:11494CBED6180BAD46D6CD438211BFE88CA5858E8F80E7F1AC0C5DB34404A24B52AC12926CFB663ABA134581D5E035D0348B6A1B72666FC012DAAE971DB016A6
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.260 1c40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/24-16:02:56.261 1c40 Recovering log #3.2024/08/24-16:02:56.261 1c40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):328
                                                              Entropy (8bit):5.169919414641358
                                                              Encrypted:false
                                                              SSDEEP:6:NF4Avq2P923oH+TcwtpIFUt88F4sZZmw+8F4szkwO923oH+Tcwta/WLJ:NF4Ov4YebmFUt88F4A/+8F4o5LYebaUJ
                                                              MD5:13C0640A83673BEDABCC0D603B8A67C3
                                                              SHA1:E2A42B9DB3DFCA9383223E14ACAB9168E743B07F
                                                              SHA-256:3AD3886002BA8321D6D2F3F34B954D68BBF620A6C90B303C119841949D624E6A
                                                              SHA-512:11494CBED6180BAD46D6CD438211BFE88CA5858E8F80E7F1AC0C5DB34404A24B52AC12926CFB663ABA134581D5E035D0348B6A1B72666FC012DAAE971DB016A6
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:56.260 1c40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/24-16:02:56.261 1c40 Recovering log #3.2024/08/24-16:02:56.261 1c40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005567161523650777
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVF+R5I/ix72g1rl:IiVEYiUa
                                                              MD5:A178C3B9C5A3A78ADA9B461580BC6091
                                                              SHA1:048AC57A385831B7E383A47737F544E96C53BF69
                                                              SHA-256:8CDC4B36C6ED3E35E29FC22BDCB982E2C9E61D438D17D821A6E03586A29D5590
                                                              SHA-512:56E29B4FDF5ED32F250CA6A242296CD3457295DA29F426455B1001EDFBC4325BAE31B38958BAA4009E943D9F595F6F6867E027DB229D12B52F4EB64D89B14C2F
                                                              Malicious:false
                                                              Preview:VLnk
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.2651467145535988
                                                              Encrypted:false
                                                              SSDEEP:384:8/2qOB1nxCkM5SAELyKOMq+8yC8F/YfU5m+OlTLVum0:Bq+n0J59ELyKOMq+8y9/Owz
                                                              MD5:EBFD8B87E6DE1BE75BD689D2858CE2BA
                                                              SHA1:0F3CFF425130A7AFB31CAAC63697D92D04B9537B
                                                              SHA-256:9EBAE604D44EA59ADF13DF4D474CD59BE18FCAEFA88344A5009F476B4022C200
                                                              SHA-512:AD499852AB353DE9DD086E62ECD85E683456934D09D43D7ECE987EAB0668E3E4F159D9C9CC6C83539A6538CE192480E0F2D6EA2893ED5CC3E01730B2F3243404
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                              Category:dropped
                                                              Size (bytes):14336
                                                              Entropy (8bit):1.4123157716569694
                                                              Encrypted:false
                                                              SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgZ2RydNqjMIEXq2RydNqZxj/:ftSjGhp22iSZQSqlQw
                                                              MD5:D6391BC08D14281CDFE5B83BBA912433
                                                              SHA1:E4808F0EB750C90FD0796C966A0489B14ADEF3DD
                                                              SHA-256:EE0AD4EC99A916AC0E0D8118F6912C5994454D0FC67118B6B1F5476A2B89C25D
                                                              SHA-512:E49B32C6BEE643890D2D726D9B43F660F84C1241B481F6816994B95D9FF683E6C5A497955FB4F090E89E2A3812BF54DD86FE6F393C6D6698A2E5B79FDE2B9B61
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.41235120905181716
                                                              Encrypted:false
                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13283
                                                              Entropy (8bit):5.2822596206588495
                                                              Encrypted:false
                                                              SSDEEP:192:stuJ99QTryDigabatSuyis59nsZihprQkBO3E8abV+FYpQA66WJkBlaFIMY6PsYJ:stuPGKSuBs59nfhpNbGeQx6WMlaTYm
                                                              MD5:D00A56765E822D375E9214CA25828C97
                                                              SHA1:C4F39925CB01C1DD6A7302B48A187FAF25E9BC61
                                                              SHA-256:4D01A063811D68BC2499A561BD3B9B03549934AE088B84F6C335635E56CEB119
                                                              SHA-512:E66B4CC55EEE3BD58549E1B1AECCFC32E8E67DE43C04E6002864B9D1CB3110BD3AD863E692B8B2B02C437C1FDD736DCA29F296F394DA4F7EABB62E765556D98D
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11755
                                                              Entropy (8bit):5.190465908239046
                                                              Encrypted:false
                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                              Malicious:false
                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.3410017321959524
                                                              Encrypted:false
                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9751
                                                              Entropy (8bit):5.114460606828757
                                                              Encrypted:false
                                                              SSDEEP:192:stukdis59nsZihUkBO3E8abV+FYpQA66WOuaFIMY6PsYJ:stups59nfhFbGeQx6W1aTYm
                                                              MD5:A07977A3A1F7B88ABE86D13E48F73DFC
                                                              SHA1:F69914DAC5A149D04BA7279041CC1D12104055CF
                                                              SHA-256:47D8E77C2B4D138102B6EDECD0C09CB6F116FA797A9C0ACFAE5B95C6BAABD20B
                                                              SHA-512:DDFF53BCBAE4FD7EF7F6A63140DCE94F1DCCD4449B74C560BE35B049EDDE8A89FA053916D814FEA01B68013A33DF0EA4DDBC531CE638E731AE4547076D4B6387
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369003376850638","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40504
                                                              Entropy (8bit):5.560982020653804
                                                              Encrypted:false
                                                              SSDEEP:768:HYU9Lx7pLGLvJDWPvvfy28F1+UoAYDCx9Tuqh0VfUC9xbog/OV741OR87rw4RkLL:HYU9LncvJDWPvvfy2u1jam41Q8Q4Rkuy
                                                              MD5:79B94E1D3DFFF76C2130F955BE665CA3
                                                              SHA1:DCEF2AE8BFA49041FE3EC6F6E32CA8BC2B9734E5
                                                              SHA-256:5C4663143C282E075FFD02533A351910CC949A26E7F29BC78D67E334C614F0BC
                                                              SHA-512:93AC099BCFFFEAB8EF5EFFFEF25554D142FCA9EA31D8349A620D52013A302372EA38E7A9BAC4BF31123CD05703AB8F80D6E783AE518A1B75AAEB3FA2074CE8D6
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369003376247857","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369003376247857","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.11573992025529492
                                                              Encrypted:false
                                                              SSDEEP:12:WtYMqUYRtYMq3pEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtL8tGoPnnnnnnnnnnnnnnnvN3zd
                                                              MD5:203E54D292F3CDDA7260C9ABDF2109DF
                                                              SHA1:084C4BEB84EA6275BB1699B99B74DC3093A8759F
                                                              SHA-256:D95F5DAA8B13F5799F4DCC0EBD31AA2EFF71AD6366BAE46D923F40527F4ADFFA
                                                              SHA-512:2E00A68401BAFA6360A023ABC096BB14BF675DAB86C171DB163EF3DCBCEB8F345B5042F23CFC0E41388D554D7E458306FA358EA70C215CA840D1467C6E0FFDAA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):383192
                                                              Entropy (8bit):1.0828124119010998
                                                              Encrypted:false
                                                              SSDEEP:768:IxsQywrRJr37kOWyzzPIzpPrzPX+Puz/XuPspzTX9PETzSPvzCP1:bOlxLxl2hhX2qm
                                                              MD5:930356A961045CE6E4E82AF7FB9EE29E
                                                              SHA1:B3573E073618B41F983DB875A50C47C891A021D6
                                                              SHA-256:E6FFC5B45FB6D2AE230AB81F8F3AAD1F4DE6A3E93210957DE4283B7D60EBDAC0
                                                              SHA-512:B742F9B76F2B0B1AB71A0D330A23541CD3FC7A7E786F792CE1B9619632F060481A8CB0C2354A8963906F2B1CB3EEAC344044173910176297E8862FA4955F601F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):723
                                                              Entropy (8bit):3.218069112559979
                                                              Encrypted:false
                                                              SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuD8tU:iD
                                                              MD5:77DA9C2C183958405DD30E2825C7A6A8
                                                              SHA1:4D9DC3190DBABBDF5112DBB6756CD8645540192E
                                                              SHA-256:BA1E793C80D71236D79C398B0D0FA72C4686184B375554FC7976F94157EA0D20
                                                              SHA-512:9BDFAEA507963B82C9D6F9B0CE56360E7ABD818FDBBA647323DE3E4482B7AFB83E316C510B6A76621C4EE259D18C62FF3660EC9E7532EE77CA0F0CE10B35D17E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):324
                                                              Entropy (8bit):5.235239890861748
                                                              Encrypted:false
                                                              SSDEEP:6:NF44uq2P923oH+TcwtfrK+IFUt88F443Zmw+8F44KbFkwO923oH+TcwtfrUeLJ:NF44uv4Yeb23FUt88F443/+8F44+5LYq
                                                              MD5:B4E49217072D7543809D4B6FFC688789
                                                              SHA1:52205B410892CAB46F4A1D25D606D74C709EF552
                                                              SHA-256:DA547C404E31EEDF82573CB4078B9B0B9D6BEB25F0E8F08B018AD392B6E6B6BC
                                                              SHA-512:6D82C5892C9EDCEE75EFD6074A31A1ED988C62670CFE2EA9510D7C95A606E9DB0C857A1777614E8E1FBE7D08A1B83B72596B70C27D8BE7A2BD2B657016417D62
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:57.013 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/24-16:02:57.013 1c84 Recovering log #3.2024/08/24-16:02:57.014 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):787
                                                              Entropy (8bit):4.059252238767438
                                                              Encrypted:false
                                                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                              MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                              SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                              SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                              SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):342
                                                              Entropy (8bit):5.2215993462120505
                                                              Encrypted:false
                                                              SSDEEP:6:NF44/Jq2P923oH+TcwtfrzAdIFUt88F44VTZmw+8F44VJkwO923oH+TcwtfrzILJ:NF44hv4Yeb9FUt88F44VT/+8F44VJ5La
                                                              MD5:EEB8C31830FF78BEE0C7FB7854711EF4
                                                              SHA1:9582248510873D950CBE92D13B9CC2F510664834
                                                              SHA-256:2FE0CE5FDD4F0780A5E70B8EB3C21E0B9CA9F70F9CCBC2D138E0691AD8F1AEC2
                                                              SHA-512:B479FC98F6C1695A9B1F54F2C9B32275E2D1E67B3D4574C45A10DEA5E6A9206CD436F603B3D650B34FD8D97FAF13C1D2D6CF2F651C885169ECA713F9B52BE9D5
                                                              Malicious:false
                                                              Preview:2024/08/24-16:02:57.009 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/24-16:02:57.011 1c84 Recovering log #3.2024/08/24-16:02:57.011 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):120
                                                              Entropy (8bit):3.32524464792714
                                                              Encrypted:false
                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                              Malicious:false
                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44137
                                                              Entropy (8bit):6.090728521811828
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMBwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynER6mtbz8hu3VlXr4CRo1
                                                              MD5:04296588DD63D973B40FBC8362A4827C
                                                              SHA1:0C931852D395A5961B84B3F83FB6D9C89FC338A1
                                                              SHA-256:5CC687445C8356EED6510003B7CD7844D50231F0D590D3BDB93EB46F2097B7F3
                                                              SHA-512:31311FF0252888AC848381946E1B805AAFF44286C750350875DD3C6F749455FADA456EF35A4F44BE0E003D441BF9C702B645BD85B730EF818640D939C78A3250
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5963118027796015
                                                              Encrypted:false
                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.3818353308528755
                                                              Encrypted:false
                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                              MD5:48324111147DECC23AC222A361873FC5
                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                              Malicious:false
                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35
                                                              Entropy (8bit):4.014438730983427
                                                              Encrypted:false
                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                              Malicious:false
                                                              Preview:{"forceServiceDetermination":false}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):50
                                                              Entropy (8bit):3.9904355005135823
                                                              Encrypted:false
                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                              Malicious:false
                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):575056
                                                              Entropy (8bit):7.999649474060713
                                                              Encrypted:true
                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.3751917412896075
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                              MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                              SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                              SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                              SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):46015
                                                              Entropy (8bit):6.088450090891262
                                                              Encrypted:false
                                                              SSDEEP:768:mM7X2zt1jKYqHkZeCoOFFxhDO6vP6OstxAosrnwta4am7PCAohGoup1Xl3jVzXra:mMSzvKYqsloOS6MzG9mLRohhu3VlXr49
                                                              MD5:E5ADB73DA5D6B4892FF70CBDCA95E1DC
                                                              SHA1:9AB1808B05561135CD36BF02E7E820A96EBBA328
                                                              SHA-256:F04729DCEC774D2F41E13812DE83F64BB8C913DD83B9F35715F51BEA1B98226D
                                                              SHA-512:523B0E6CCD9493780150D2EA8445A240182CF1901D4A52204FC13208D11DD4B486C2F280EF14BD691B98AB3B687761DD58050600E50CFE5E0E7B5A27BA2FADDA
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):46015
                                                              Entropy (8bit):6.088447474997983
                                                              Encrypted:false
                                                              SSDEEP:768:mM7X2zt1jKYqHkZeC9OFFxhDO6vP6OstxAosrnwta4am7PCAohGoup1Xl3jVzXra:mMSzvKYqsl9OS6MzG9mLRohhu3VlXr49
                                                              MD5:8FD39A862D46B96D707E2021F587811D
                                                              SHA1:421F7FB540AF62074C89C295F09D48EF631E8610
                                                              SHA-256:68CC509AEF19A25FB8DF81F4B54EC39B22129EF682566B5ED35B954A065FF136
                                                              SHA-512:98F7EE2491E083B819FAA14E7F6B2E9FD1712694AE1CEE45591484CADA08DD02B5F6C3F3BED980A4E6B1D34B232B7240E562B802B9096C1302253D1D189C93DC
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):44600
                                                              Entropy (8bit):6.095692056820429
                                                              Encrypted:false
                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBhwu0hDO6vP6OstxAoArX4/XdkcGoup1Xl3jVzXr2:z/Ps+wsI7ynEv6MzIchu3VlXr4CRo1
                                                              MD5:D57B465AC1BC4B63F6E8500BFA49E8C8
                                                              SHA1:77AAC886884DACB2690735D3AC8C2A215F54E76A
                                                              SHA-256:91E0C886D8CB4489380BB6A22A4190E36CA1612CC6938262AB1376CD8806E6D6
                                                              SHA-512:AC255432896FF4D3CDB0216B42219BCB26324C15BF24E325CDFB7696709E6704702B5DC52AE14D0526D7E28CFC4DCBA0133421F50FE4E9718485AFB66D6FB45D
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.8391354190301272
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgxBxl9Il8uKdpPayvQPREny2aDkW4XGld1rc:mEYmpPa6QPREDaQlB
                                                              MD5:2FCE3FCCB319EA24EF32FC0E6A21A307
                                                              SHA1:ECA4B1219CB4B5A6A76AFAE87D346ADE2EB83463
                                                              SHA-256:42E04E914EFE4FB9367FA4923FC975CFF2CB8269309BFCEC4EBBD233EDD64589
                                                              SHA-512:5880C5BB533D1E10A1E4B3D99AA210D3C7940D72D396D16C6C693F5FC77AC9555CC48E892B2386968E0D982C346B59206EB80DC5E55FE3CA99BAE5F4FAFD9124
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.p.t.A.G.n.2.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.7.V./.7.s.O.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4622
                                                              Entropy (8bit):4.005151271270572
                                                              Encrypted:false
                                                              SSDEEP:96:KsYt2U1NRnPoDVUs/vYAL9UN2tLYdZ+tL610KwQ8XjUpQ:Ks22U5nPMus/vYCUU+dvvwrzCQ
                                                              MD5:1AF0DD387B646F83DA6A51CA148FD9EC
                                                              SHA1:CC7C38ADB4B410051128AEA78EA0A432790A4EE1
                                                              SHA-256:D92BA36DD4FB458E047D4B94C5F31211A012310867706A6A7A23204DBD414A85
                                                              SHA-512:EA09C653FD48DC98EF0662450A03D7621E20854517DA2C152A869E6F8B3C1C79DDDE0DF72AC1857D745C765F2DDAC93C76C2FC3009210C8DEECE1AFFE22B6F7D
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".b.H.k.N.5.m.D.2.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.p.h.A.0.X.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                              Category:dropped
                                                              Size (bytes):76321
                                                              Entropy (8bit):7.996057445951542
                                                              Encrypted:true
                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                              MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                              SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                              SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                              SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2110
                                                              Entropy (8bit):5.406382826554241
                                                              Encrypted:false
                                                              SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrL:8e2Fa116uCntc5toYz0M
                                                              MD5:FF62CC81DAEE1BFD6525AF2F4322EF06
                                                              SHA1:F0E3A1FC24BF6990039E1CD0B274C504DF9A9C1E
                                                              SHA-256:1274C790892173C765A296D5840633EE25B36AC615F39B0A54CD0C5A4918EB60
                                                              SHA-512:96BCD80B8C201C5127756DC605AE93876302C2C9F4AB519210F60ECF4154C10FFCBCDA56E2EFEC7C65EB83EF4C3B2D85A5F86C33CD81FD2CF2B1E9D48E7866C2
                                                              Malicious:false
                                                              Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 903526
                                                              Category:dropped
                                                              Size (bytes):474538
                                                              Entropy (8bit):7.998115496878428
                                                              Encrypted:true
                                                              SSDEEP:12288:Rqm9bVqfVKJL10ZeJ2IhgFHNsp8CMJJGDS9OUn:RlVVqfVKJLOZezg588C5Un
                                                              MD5:ED432BC176D0ED4F34AA779BC63386DE
                                                              SHA1:EE5457B4DB5EBADEF973C2F9428BC7088FDF3D41
                                                              SHA-256:0A0F6A5F2F91054A84BA2D899F8C3776C607AC4E0668B90FE832A092A890D992
                                                              SHA-512:5348C010B3D72EFF40553416D11298DF82F12B961D6A12E1791B4449CEF4E6F991BBE979D0F94C2EC79C3E902468942791121F041CB09A0C5F49330A0C0BADEA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                              Category:dropped
                                                              Size (bytes):206855
                                                              Entropy (8bit):7.983996634657522
                                                              Encrypted:false
                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):4982
                                                              Entropy (8bit):7.929761711048726
                                                              Encrypted:false
                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):908
                                                              Entropy (8bit):4.512512697156616
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1285
                                                              Entropy (8bit):4.702209356847184
                                                              Encrypted:false
                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1244
                                                              Entropy (8bit):4.5533961615623735
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.867640976960053
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3107
                                                              Entropy (8bit):3.535189746470889
                                                              Encrypted:false
                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1389
                                                              Entropy (8bit):4.561317517930672
                                                              Encrypted:false
                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1763
                                                              Entropy (8bit):4.25392954144533
                                                              Encrypted:false
                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):930
                                                              Entropy (8bit):4.569672473374877
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):913
                                                              Entropy (8bit):4.947221919047
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):806
                                                              Entropy (8bit):4.815663786215102
                                                              Encrypted:false
                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):883
                                                              Entropy (8bit):4.5096240460083905
                                                              Encrypted:false
                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1031
                                                              Entropy (8bit):4.621865814402898
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1613
                                                              Entropy (8bit):4.618182455684241
                                                              Encrypted:false
                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):848
                                                              Entropy (8bit):4.494568170878587
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1425
                                                              Entropy (8bit):4.461560329690825
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                              Malicious:false
                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):961
                                                              Entropy (8bit):4.537633413451255
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):959
                                                              Entropy (8bit):4.570019855018913
                                                              Encrypted:false
                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):968
                                                              Entropy (8bit):4.633956349931516
                                                              Encrypted:false
                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):838
                                                              Entropy (8bit):4.4975520913636595
                                                              Encrypted:false
                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1305
                                                              Entropy (8bit):4.673517697192589
                                                              Encrypted:false
                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):911
                                                              Entropy (8bit):4.6294343834070935
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):939
                                                              Entropy (8bit):4.451724169062555
                                                              Encrypted:false
                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.622066056638277
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):972
                                                              Entropy (8bit):4.621319511196614
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):990
                                                              Entropy (8bit):4.497202347098541
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1658
                                                              Entropy (8bit):4.294833932445159
                                                              Encrypted:false
                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1672
                                                              Entropy (8bit):4.314484457325167
                                                              Encrypted:false
                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):935
                                                              Entropy (8bit):4.6369398601609735
                                                              Encrypted:false
                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1065
                                                              Entropy (8bit):4.816501737523951
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2771
                                                              Entropy (8bit):3.7629875118570055
                                                              Encrypted:false
                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):858
                                                              Entropy (8bit):4.474411340525479
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):954
                                                              Entropy (8bit):4.631887382471946
                                                              Encrypted:false
                                                              SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                              MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                              SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                              SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                              SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):899
                                                              Entropy (8bit):4.474743599345443
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2230
                                                              Entropy (8bit):3.8239097369647634
                                                              Encrypted:false
                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1160
                                                              Entropy (8bit):5.292894989863142
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3264
                                                              Entropy (8bit):3.586016059431306
                                                              Encrypted:false
                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3235
                                                              Entropy (8bit):3.6081439490236464
                                                              Encrypted:false
                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3122
                                                              Entropy (8bit):3.891443295908904
                                                              Encrypted:false
                                                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1880
                                                              Entropy (8bit):4.295185867329351
                                                              Encrypted:false
                                                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                              MD5:8E16966E815C3C274EEB8492B1EA6648
                                                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1042
                                                              Entropy (8bit):5.3945675025513955
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                              MD5:F3E59EEEB007144EA26306C20E04C292
                                                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2535
                                                              Entropy (8bit):3.8479764584971368
                                                              Encrypted:false
                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1028
                                                              Entropy (8bit):4.797571191712988
                                                              Encrypted:false
                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                              MD5:970544AB4622701FFDF66DC556847652
                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):994
                                                              Entropy (8bit):4.700308832360794
                                                              Encrypted:false
                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2091
                                                              Entropy (8bit):4.358252286391144
                                                              Encrypted:false
                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2778
                                                              Entropy (8bit):3.595196082412897
                                                              Encrypted:false
                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1719
                                                              Entropy (8bit):4.287702203591075
                                                              Encrypted:false
                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):936
                                                              Entropy (8bit):4.457879437756106
                                                              Encrypted:false
                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3830
                                                              Entropy (8bit):3.5483353063347587
                                                              Encrypted:false
                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                              MD5:342335A22F1886B8BC92008597326B24
                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1898
                                                              Entropy (8bit):4.187050294267571
                                                              Encrypted:false
                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.513485418448461
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):878
                                                              Entropy (8bit):4.4541485835627475
                                                              Encrypted:false
                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2766
                                                              Entropy (8bit):3.839730779948262
                                                              Encrypted:false
                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):978
                                                              Entropy (8bit):4.879137540019932
                                                              Encrypted:false
                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):907
                                                              Entropy (8bit):4.599411354657937
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.604761241355716
                                                              Encrypted:false
                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):937
                                                              Entropy (8bit):4.686555713975264
                                                              Encrypted:false
                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1337
                                                              Entropy (8bit):4.69531415794894
                                                              Encrypted:false
                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2846
                                                              Entropy (8bit):3.7416822879702547
                                                              Encrypted:false
                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):934
                                                              Entropy (8bit):4.882122893545996
                                                              Encrypted:false
                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):963
                                                              Entropy (8bit):4.6041913416245
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1320
                                                              Entropy (8bit):4.569671329405572
                                                              Encrypted:false
                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):884
                                                              Entropy (8bit):4.627108704340797
                                                              Encrypted:false
                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):980
                                                              Entropy (8bit):4.50673686618174
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1941
                                                              Entropy (8bit):4.132139619026436
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1969
                                                              Entropy (8bit):4.327258153043599
                                                              Encrypted:false
                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1674
                                                              Entropy (8bit):4.343724179386811
                                                              Encrypted:false
                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1063
                                                              Entropy (8bit):4.853399816115876
                                                              Encrypted:false
                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1333
                                                              Entropy (8bit):4.686760246306605
                                                              Encrypted:false
                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1263
                                                              Entropy (8bit):4.861856182762435
                                                              Encrypted:false
                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1074
                                                              Entropy (8bit):5.062722522759407
                                                              Encrypted:false
                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):879
                                                              Entropy (8bit):5.7905809868505544
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1205
                                                              Entropy (8bit):4.50367724745418
                                                              Encrypted:false
                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):843
                                                              Entropy (8bit):5.76581227215314
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):912
                                                              Entropy (8bit):4.65963951143349
                                                              Encrypted:false
                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):11280
                                                              Entropy (8bit):5.754230909218899
                                                              Encrypted:false
                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                              Malicious:false
                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):854
                                                              Entropy (8bit):4.284628987131403
                                                              Encrypted:false
                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                              Malicious:false
                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2525
                                                              Entropy (8bit):5.417689528134667
                                                              Encrypted:false
                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                              Malicious:false
                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):97
                                                              Entropy (8bit):4.862433271815736
                                                              Encrypted:false
                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                              Malicious:false
                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):95567
                                                              Entropy (8bit):5.4016395763198135
                                                              Encrypted:false
                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                              Malicious:false
                                                              Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):4.65176400421739
                                                              Encrypted:false
                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                              Malicious:false
                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):103988
                                                              Entropy (8bit):5.389407461078688
                                                              Encrypted:false
                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                              Malicious:false
                                                              Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1753
                                                              Entropy (8bit):5.8889033066924155
                                                              Encrypted:false
                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                              Malicious:false
                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):9815
                                                              Entropy (8bit):6.1716321262973315
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):10388
                                                              Entropy (8bit):6.174387413738973
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):962
                                                              Entropy (8bit):5.698567446030411
                                                              Encrypted:false
                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                              Malicious:false
                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:dropped
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.1867463390487
                                                              Encrypted:false
                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.1867463390487
                                                              Encrypted:false
                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):116
                                                              Entropy (8bit):4.968220104601006
                                                              Encrypted:false
                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                              Malicious:false
                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11225
                                                              Entropy (8bit):5.509709580725496
                                                              Encrypted:false
                                                              SSDEEP:192:ynPOeRnHYbBp6RJ0aX+n6SEXKgGkHWNBw8rFSl:wPegJU6RrHEwY0
                                                              MD5:527265CDFE16CBB3B935521CE72E5F52
                                                              SHA1:2AAFC721B5377030EBEFFAB65065D1BA46E6B71F
                                                              SHA-256:BC66B19C235929617B6E7E67EAB445701969130CCE3B5B2F2DF43D98BFB84638
                                                              SHA-512:2FB3FB38657C2E74180A04ACA76A71D46F2E4A2C1CE6812FF914904D68B1B94C2B0277A6E19B449C7BA06EFCAFEC7BBE823D5828382223552D99F92C9C0253EA
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724534040);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724534040);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):493
                                                              Entropy (8bit):4.954896123557561
                                                              Encrypted:false
                                                              SSDEEP:12:YZFgTi5XVIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YrzSlCOlZGV1AQIWZcy6ZXvx
                                                              MD5:F7BB8B0CA392C6AB1DE1A143E1266D97
                                                              SHA1:53443810AF4E53C0A898E04372217B2A471A67FD
                                                              SHA-256:A7D4BE7B7561AD45200D69F3C6E8A4CFF02AD8EEBC684081052FD541813CD3FE
                                                              SHA-512:4DCA6CC4A11142487160EA03A114ADDBA9911CE9782074A773F57347EF741721FE0F4AA22451D8BC242F83E34C55EDCB3EA6C42F467D8F8576B44209BDEB6837
                                                              Malicious:false
                                                              Preview:{"type":"health","id":"056e3e1f-0adb-433e-92d8-fd304fc5e455","creationDate":"2024-08-24T21:14:33.174Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):493
                                                              Entropy (8bit):4.954896123557561
                                                              Encrypted:false
                                                              SSDEEP:12:YZFgTi5XVIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YrzSlCOlZGV1AQIWZcy6ZXvx
                                                              MD5:F7BB8B0CA392C6AB1DE1A143E1266D97
                                                              SHA1:53443810AF4E53C0A898E04372217B2A471A67FD
                                                              SHA-256:A7D4BE7B7561AD45200D69F3C6E8A4CFF02AD8EEBC684081052FD541813CD3FE
                                                              SHA-512:4DCA6CC4A11142487160EA03A114ADDBA9911CE9782074A773F57347EF741721FE0F4AA22451D8BC242F83E34C55EDCB3EA6C42F467D8F8576B44209BDEB6837
                                                              Malicious:false
                                                              Preview:{"type":"health","id":"056e3e1f-0adb-433e-92d8-fd304fc5e455","creationDate":"2024-08-24T21:14:33.174Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):53
                                                              Entropy (8bit):4.136624295551173
                                                              Encrypted:false
                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                              Malicious:false
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                              Category:dropped
                                                              Size (bytes):271
                                                              Entropy (8bit):5.48135689132149
                                                              Encrypted:false
                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCGJtVB4NzdDdCQ:vLz2S+EWDDoWqC5mcPK34VJBed9
                                                              MD5:BFD76D145FA2149093B597E900F5AE74
                                                              SHA1:EE6CEA2B440BB398960614B582DDF545906D2647
                                                              SHA-256:FE8AB38E670953339AE473D2D8A70EDEED7232CBB3AA60502F5EC570CBA6CB56
                                                              SHA-512:9D609F98103D7B39C4DA88D1E99496DFA93A7917A693582EC7EB499F945A5D561EFC4879326D3530AB2583F376426E8E7B5F7906B472140D0C16CD8B0F67E6E1
                                                              Malicious:false
                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1724534031905,"startTim...#08761,"recentCrashes":0},"global":{},"cookies":[]}
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.579592666416282
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:917'504 bytes
                                                              MD5:c7660197be2ae95b1d523e47a37ccb11
                                                              SHA1:bcf3f9e333e9353b6ac51c5db4bd592ae212fe8c
                                                              SHA256:bf9158cd0b4324b3f21c0a2a36a3fd859ee2365910e4a37b382185c5e15a3e21
                                                              SHA512:51cb242e0f77d643ed26110279d2666ce8c7ac6ac5a06f129b474f309593f8bf90c692b135b7c2d79018098d94b021b0e447e0e4a561198c65bb88ce39dc685d
                                                              SSDEEP:12288:JqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTJ:JqDEvCTbMWu7rQYlBQcBiT6rprG8avJ
                                                              TLSH:4A159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                              Icon Hash:aaf3e3e3938382a0
                                                              Entrypoint:0x420577
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66CA3A3F [Sat Aug 24 19:53:35 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                              Instruction
                                                              call 00007F34F50C0CC3h
                                                              jmp 00007F34F50C05CFh
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F34F50C07ADh
                                                              mov dword ptr [esi], 0049FDF0h
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                              mov dword ptr [ecx], 0049FDF0h
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | d69234c274a3be685f6176a8fb40dc38 | False | 0.2811197916666667 | data | 5.161472911517623 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823

DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Language of compilation system | Country where language is spoken | Map
English | Great Britain |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Aug 24, 2024 22:03:03.741929054 CEST44349732172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:03.742192984 CEST49731443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:03.742213011 CEST44349731172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:03.742844105 CEST44349733162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:03.742893934 CEST44349733162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:03.743016005 CEST49733443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:03.760585070 CEST49733443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:03.760593891 CEST44349733162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:03.825876951 CEST44349727184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:03.825922966 CEST44349727184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:03.826035023 CEST49727443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:03.826602936 CEST49727443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:03.826622963 CEST44349727184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:03.826632977 CEST49727443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:03.826637983 CEST44349727184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.008788109 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.008814096 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.008927107 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.009525061 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.009535074 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.099400043 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.103343964 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.112276077 CEST49736443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:04.112299919 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.112524986 CEST49737443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.112533092 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.112596035 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.112858057 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.112965107 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.113353968 CEST49737443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.113409996 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.113671064 CEST49736443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:04.113718033 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.113841057 CEST49737443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.113888025 CEST49736443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:04.117862940 CEST53497401.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:03:04.117958069 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.118030071 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.118066072 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.122993946 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.123183966 CEST53497401.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:03:04.123233080 CEST49734443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.123241901 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.123574972 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.123737097 CEST53497401.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:03:04.123858929 CEST49734443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.123914957 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.123995066 CEST49734443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.156505108 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.156513929 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.168498993 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.221798897 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.221831083 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.222671032 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.222707987 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.228894949 CEST49737443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.229093075 CEST49736443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:04.230045080 CEST49736443192.168.2.5162.159.61.3
                                                              Aug 24, 2024 22:03:04.230060101 CEST44349736162.159.61.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.230238914 CEST49737443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.230242968 CEST44349737172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.230823994 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.230854034 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.231236935 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.231244087 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.232146025 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.232280970 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.232517004 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.232530117 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.232722044 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.232732058 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.238615990 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.238636971 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.239419937 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.245031118 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.245042086 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.258007050 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.258059978 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.264036894 CEST49734443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.264463902 CEST49734443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.264472961 CEST44349734172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.484707117 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.484726906 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.484877110 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.485846043 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.485858917 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.583462000 CEST53497401.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:03:04.591742992 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.596807003 CEST53497401.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:03:04.600588083 CEST4974053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:03:04.651372910 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.653528929 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:04.653563023 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:04.656133890 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:04.656133890 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.662583113 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.662590027 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.662796021 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.663738966 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:04.663755894 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:04.675623894 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.685658932 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.688039064 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.688054085 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.688401937 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.689027071 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.706768990 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.712502003 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.716731071 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.720504045 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.764614105 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.764627934 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.764853001 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.764926910 CEST44349741172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.765101910 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.827151060 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.827280045 CEST44349742172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:04.840166092 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.840174913 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.840306044 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.840332031 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.840337038 CEST4434974335.190.72.216192.168.2.5
                                                              Aug 24, 2024 22:03:04.840778112 CEST49743443192.168.2.535.190.72.216
                                                              Aug 24, 2024 22:03:04.858407021 CEST49741443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.904758930 CEST49742443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:04.934850931 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.934890032 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.935663939 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.948709965 CEST49748443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.948748112 CEST44349748142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:04.948826075 CEST49749443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.948863983 CEST44349749142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:04.948913097 CEST49748443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.949106932 CEST49748443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.949116945 CEST44349748142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:04.949137926 CEST49749443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.949265957 CEST49749443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:04.949276924 CEST44349749142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:04.958019972 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.961772919 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.961786032 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.962132931 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.962755919 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.962919950 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.962928057 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.963552952 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.963565111 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.963574886 CEST49739443192.168.2.5184.28.90.27
                                                              Aug 24, 2024 22:03:04.963579893 CEST44349739184.28.90.27192.168.2.5
                                                              Aug 24, 2024 22:03:04.964224100 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:04.964281082 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:04.964406013 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.004504919 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.057255030 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.057261944 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.105124950 CEST4975080192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:05.109618902 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.109719992 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.109743118 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.109946012 CEST804975034.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:05.110586882 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.110610962 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.110631943 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.112170935 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.122457027 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.122472048 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.122481108 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.122498989 CEST4975080192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:05.122509956 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.137434006 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.141405106 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.181071043 CEST4975080192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:05.185832024 CEST804975034.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:05.197891951 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.197926998 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.197936058 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198327065 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198359966 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198796988 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198863983 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198884010 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198904037 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.198971987 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.201683044 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.201683044 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.220741987 CEST49744443192.168.2.5142.251.32.110
                                                              Aug 24, 2024 22:03:05.220752954 CEST44349744142.251.32.110192.168.2.5
                                                              Aug 24, 2024 22:03:05.229085922 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.236665964 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.236687899 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.237713099 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.249336958 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.252468109 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.252532005 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.252652884 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.296503067 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.298429012 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.298456907 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.352521896 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.352535009 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.352555990 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.352564096 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.352605104 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.356343985 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.364976883 CEST49747443192.168.2.5152.195.19.97
                                                              Aug 24, 2024 22:03:05.365000963 CEST44349747152.195.19.97192.168.2.5
                                                              Aug 24, 2024 22:03:05.405836105 CEST44349749142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:05.414083004 CEST44349748142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:05.427205086 CEST49749443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:05.427237988 CEST44349749142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:05.427649975 CEST44349749142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:05.427818060 CEST49748443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:05.427830935 CEST44349748142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:05.428261995 CEST44349748142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:07.028930902 CEST804976434.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:07.030837059 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.031132936 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.031142950 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.032329082 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.032963037 CEST44349763172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.033020973 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.033073902 CEST44349762172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.036284924 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.037758112 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.037827969 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.037934065 CEST49762443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.037960052 CEST44349762172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.038057089 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.038068056 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.038155079 CEST49763443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.038176060 CEST44349763172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.038341045 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.038357019 CEST44349762172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.038563967 CEST44349763172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.039904118 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.040450096 CEST49763443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.040509939 CEST49762443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.040513039 CEST44349763172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.040579081 CEST44349762172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:07.040611029 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.040956974 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.041044950 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.041059971 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.080504894 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.084500074 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.139112949 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.139142990 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.140486002 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.140500069 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.140506983 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.140578032 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.145318985 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.145348072 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.145776033 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.145787001 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.145793915 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.146017075 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.154702902 CEST49762443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.200311899 CEST4976480192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:07.200370073 CEST49763443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:07.221951008 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.221965075 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.221996069 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.222011089 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.222028017 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.222033978 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.223125935 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.223134041 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.223150969 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.223156929 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.223174095 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.227633953 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.227644920 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.228874922 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.228884935 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.229026079 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.236716986 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.236726999 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.236757040 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.236767054 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.236789942 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.236799002 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.238322973 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.238332987 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.238363981 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.238373995 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.238394022 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.244318962 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.244334936 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.244653940 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.244658947 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.244669914 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.244848967 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.307903051 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.307914019 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.307933092 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.307944059 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.307950020 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.307965040 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.308024883 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.308032990 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.308113098 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.308234930 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.308593988 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.310384035 CEST49760443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.310400009 CEST4434976013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.328926086 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.328939915 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.329782009 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.329817057 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.330425978 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.330440998 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.340027094 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.340027094 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.340037107 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.340058088 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.340065002 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.340082884 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.340114117 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.340114117 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.340121984 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.340174913 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.407160997 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.422131062 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.422147036 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.422516108 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.422554970 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.422883034 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.422892094 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423055887 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.423096895 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.423104048 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423119068 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423144102 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423186064 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.423193932 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423229933 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.423382998 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.423401117 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.424218893 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.424232006 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.424338102 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.424345016 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.424379110 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.424415112 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.425014973 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.425029993 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.425844908 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.425851107 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.425904036 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.425961971 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.425977945 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.426246881 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.426285028 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.427185059 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.427190065 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.427232027 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.427295923 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514056921 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514070988 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514154911 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514161110 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514271021 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514391899 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514410019 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514627934 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514631987 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514647007 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514672995 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514698029 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514703035 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514707088 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514758110 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514765978 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.514853001 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514889002 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.514904976 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.515106916 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.516058922 CEST49759443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.516067982 CEST4434975913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.650302887 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.650336027 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.650614023 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.650856018 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.650868893 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.953047037 CEST49768443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.953092098 CEST4434976813.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.953255892 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.953294992 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.953577995 CEST49770443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.953584909 CEST4434977013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.953856945 CEST49771443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.953865051 CEST4434977113.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954014063 CEST49772443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954020977 CEST4434977213.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954164028 CEST49768443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954171896 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954171896 CEST49770443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954186916 CEST49771443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954230070 CEST49772443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954447985 CEST49772443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954463005 CEST4434977213.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954583883 CEST49771443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954595089 CEST4434977113.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954699993 CEST49770443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954709053 CEST4434977013.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954802036 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954812050 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:07.954909086 CEST49768443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:07.954917908 CEST4434976813.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.713327885 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.714179039 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.714194059 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.714505911 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.715125084 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.715179920 CEST4434976613.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.715289116 CEST49766443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.716840982 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.717739105 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.717747927 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.718650103 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.718722105 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.719057083 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.719125986 CEST4434976913.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.719186068 CEST49769443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:08.719822884 CEST4434976813.107.246.41192.168.2.5
                                                              Aug 24, 2024 22:03:08.720020056 CEST49768443192.168.2.513.107.246.41
                                                              Aug 24, 2024 22:03:32.464287043 CEST49785443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.467076063 CEST49785443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.467082977 CEST4434978552.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.467287064 CEST4434978552.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.469419003 CEST49785443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.469558001 CEST4434978552.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.469624996 CEST49785443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.469630957 CEST4434978552.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.470098972 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.470114946 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.470210075 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.470386028 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.470396996 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.680505991 CEST4434978552.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:32.681847095 CEST49785443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:32.793689013 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:32.839230061 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.206298113 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.206438065 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.209897995 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.209908009 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.210109949 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.212028980 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.212161064 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.212234020 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.212239981 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.220500946 CEST4434978852.222.236.120192.168.2.5
                                                              Aug 24, 2024 22:03:33.222784996 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.222815037 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.224818945 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.224838018 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.224838018 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.224838018 CEST49788443192.168.2.552.222.236.120
                                                              Aug 24, 2024 22:03:33.224874973 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.225183964 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.225197077 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.237632990 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.237651110 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.238034010 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.238169909 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.238179922 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.239684105 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.240200996 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.240231037 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.240411043 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.240540981 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.240551949 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.245057106 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.335057974 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.338329077 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.347521067 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.378550053 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.438523054 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.494410992 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.684673071 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.684838057 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.687789917 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.687804937 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.688441992 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.690373898 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.690485954 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.690514088 CEST4434978935.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.691654921 CEST49789443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.694292068 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.699152946 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.704314947 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.704399109 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.706935883 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.706942081 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.707166910 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.709494114 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.709577084 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.709642887 CEST4434979035.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.710160971 CEST49790443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.722598076 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.722678900 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.725442886 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.725450039 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.725683928 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.728038073 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.728131056 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.728189945 CEST4434979135.244.181.201192.168.2.5
                                                              Aug 24, 2024 22:03:33.728717089 CEST49791443192.168.2.535.244.181.201
                                                              Aug 24, 2024 22:03:33.789905071 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.793107033 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.797982931 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.842247009 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:33.892081976 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:33.942555904 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:43.796614885 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:43.801867962 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:43.904548883 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:43.909528971 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:51.765638113 CEST49758443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:51.765655041 CEST44349758142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:51.811769009 CEST49757443192.168.2.5142.250.80.78
                                                              Aug 24, 2024 22:03:51.811793089 CEST44349757142.250.80.78192.168.2.5
                                                              Aug 24, 2024 22:03:51.861581087 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:51.861614943 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:51.861704111 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:51.862068892 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:51.862077951 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.635849953 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.635987043 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.640295029 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.640300989 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.640503883 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.648720026 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.696495056 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.960717916 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.960743904 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.960757017 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.960911989 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.960921049 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.961107969 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.962009907 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.962033033 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.962088108 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.963496923 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.966759920 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.966953039 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.966963053 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:52.966973066 CEST49793443192.168.2.540.127.169.103
                                                              Aug 24, 2024 22:03:52.966976881 CEST4434979340.127.169.103192.168.2.5
                                                              Aug 24, 2024 22:03:53.806212902 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:53.928771019 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:03:53.950227022 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:53.950476885 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:03:57.688316107 CEST49763443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:57.688343048 CEST44349763172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:57.688365936 CEST49762443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:57.688394070 CEST44349762172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:00.048500061 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.048558950 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.048638105 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.048856974 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.048871994 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.519412041 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.519768000 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.519797087 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.520071030 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.521333933 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.521457911 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.521506071 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.563246965 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.563260078 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.731592894 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.731652975 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.732012987 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732054949 CEST4434979523.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.732548952 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732584000 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732601881 CEST49795443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732641935 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:00.732734919 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732944965 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:00.732978106 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.227797031 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.228187084 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:01.228277922 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.228614092 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.228926897 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:01.229002953 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.229068041 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:01.272510052 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.432601929 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.432914019 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:01.433008909 CEST4434979623.200.0.42192.168.2.5
                                                              Aug 24, 2024 22:04:01.433083057 CEST49796443192.168.2.523.200.0.42
                                                              Aug 24, 2024 22:04:03.814928055 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.814964056 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:03.818617105 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.818788052 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.818800926 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:03.931711912 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.931721926 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:03.932225943 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.932359934 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:03.932373047 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:03.960515976 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:04:03.965292931 CEST804978634.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:04:03.981937885 CEST4978780192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:04:03.987757921 CEST804978734.107.221.82192.168.2.5
                                                              Aug 24, 2024 22:04:04.298048973 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.298120975 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.300766945 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.300771952 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.300975084 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.303658962 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.303744078 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.303790092 CEST4434979734.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.303869009 CEST49797443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.391783953 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.391876936 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.394568920 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.394573927 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.395337105 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.397121906 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.397222996 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.397315979 CEST4434979834.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.397376060 CEST49798443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.929068089 CEST4978680192.168.2.534.107.221.82
                                                              Aug 24, 2024 22:04:04.931474924 CEST49799443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.931490898 CEST4434979934.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.931838036 CEST49799443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.931986094 CEST49799443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.931998014 CEST4434979934.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.983215094 CEST49800443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.983227015 CEST4434980034.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:04.983654976 CEST49800443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.983767986 CEST49800443192.168.2.534.120.208.123
                                                              Aug 24, 2024 22:04:04.983781099 CEST4434980034.120.208.123192.168.2.5
                                                              Aug 24, 2024 22:04:05.196944952 CEST49801443192.168.2.534.120.208.123
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                              Aug 24, 2024 22:03:59.761157036 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:59.844669104 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.845592976 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.846143007 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:59.855129957 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.855192900 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.855278015 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.855288029 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.855298042 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:59.855638981 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:59.855722904 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:03:59.939976931 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.949163914 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:03:59.950020075 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:04:00.045816898 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:00.046854019 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:00.047188044 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:00.048026085 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:04:02.081083059 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:04:02.081198931 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:04:02.176378012 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:02.177288055 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:02.177772999 CEST44353680172.64.41.3192.168.2.5
                                                              Aug 24, 2024 22:04:02.177961111 CEST53680443192.168.2.5172.64.41.3
                                                              Aug 24, 2024 22:04:02.178977013 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:02.635245085 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:02.635260105 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:02.637634993 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:02.637747049 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:02.732512951 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:02.732542038 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:02.732646942 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:02.732939005 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:02.766280890 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:02.828623056 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:03.815222025 CEST5117653192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:04:03.822576046 CEST53511761.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:04:03.823039055 CEST5894153192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:04:03.832109928 CEST53589411.1.1.1192.168.2.5
                                                              Aug 24, 2024 22:04:04.928670883 CEST5021053192.168.2.51.1.1.1
                                                              Aug 24, 2024 22:04:05.311228991 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:05.311347008 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.041723013 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.041734934 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.041750908 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.042344093 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.042409897 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.065334082 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.077186108 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.142728090 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.175741911 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.563954115 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:06.564224958 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:06.999737978 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:07.124855042 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:07.150708914 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:07.150722027 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:07.151000977 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:07.151196003 CEST63082443192.168.2.5142.251.16.84
                                                              Aug 24, 2024 22:04:07.278950930 CEST44363082142.251.16.84192.168.2.5
                                                              Aug 24, 2024 22:04:22.735519886 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:22.770095110 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:23.239182949 CEST4435662523.44.201.37192.168.2.5
                                                              Aug 24, 2024 22:04:23.271513939 CEST56625443192.168.2.523.44.201.37
                                                              Aug 24, 2024 22:04:32.742971897 CEST4435662523.44.201.37192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              • api.edgeoffer.microsoft.com
                                                              • chrome.cloudflare-dns.com
                                                              • fs.microsoft.com
                                                              • https:
                                                                • accounts.youtube.com
                                                                • www.google.com
                                                              • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              • clients2.googleusercontent.com
                                                              • edgeassetservice.azureedge.net
                                                              • slscr.update.microsoft.com
                                                              • bzib.nelreports.net
                                                              • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49750 | 34.107.221.82 | 80 | 7124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 24, 2024 22:03:05.181071043 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
Aug 24, 2024 22:03:05.566099882 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 17991
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 22:03:15.573386908 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 22:03:25.585283995 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49764 | 34.107.221.82 | 80 | 7124 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 24, 2024 22:03:06.575805902 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:03:07.028930902 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:25:45 GMT
                                                              Age: 13041
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:03:17.037348986 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:03:27.058861971 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.5 | 49786 | 34.107.221.82 | 80 | 7124 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Aug 24, 2024 22:03:31.846286058 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:03:32.312103987 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 18018
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Aug 24, 2024 22:03:33.239684105 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:03:33.335057974 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 18019
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Aug 24, 2024 22:03:33.694292068 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:03:33.789905071 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 18019
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Aug 24, 2024 22:03:43.796614885 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:03:53.806212902 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:03.960515976 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:04.929068089 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:04:05.244499922 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:04:05.682861090 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 18051
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Aug 24, 2024 22:04:06.290412903 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Aug 24, 2024 22:04:06.657953978 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 15:03:14 GMT
                                                              Age: 18052
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Aug 24, 2024 22:04:16.669048071 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:26.675570011 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:36.847023010 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:46.869734049 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:56.888333082 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.5 | 49787 | 34.107.221.82 | 80 | 7124 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Aug 24, 2024 22:03:32.323157072 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:03:32.793689013 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:44:45 GMT
                                                              Age: 11927
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:03:33.338329077 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:03:33.438523054 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:44:45 GMT
                                                              Age: 11928
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:03:33.793107033 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:03:33.892081976 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:44:45 GMT
                                                              Age: 11928
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:03:43.904548883 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:03:53.928771019 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:03.981937885 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:05.787704945 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:04:05.885689020 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:44:45 GMT
                                                              Age: 11960
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:04:06.718195915 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Aug 24, 2024 22:04:06.821379900 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sat, 24 Aug 2024 16:44:45 GMT
                                                              Age: 11961
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Aug 24, 2024 22:04:16.836406946 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:26.852663040 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:37.085266113 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:47.101151943 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Aug 24, 2024 22:04:57.126213074 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.5 | 49708 | 94.245.104.56 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:02:59 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                              Host: api.edgeoffer.microsoft.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:02:59 UTC | 584 | IN | HTTP/1.1 200 OK
                                                              Content-Length: 0
                                                              Connection: close
                                                              Content-Type: application/x-protobuf; charset=utf-8
                                                              Date: Sat, 24 Aug 2024 20:02:58 GMT
                                                              Server: Microsoft-IIS/10.0
                                                              Set-Cookie: ARRAffinity=0f60106f5ba8f78edacc2698bdde648fc9ccae752f545c6d9b8d13c2be8a63f2;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Set-Cookie: ARRAffinitySameSite=0f60106f5ba8f78edacc2698bdde648fc9ccae752f545c6d9b8d13c2be8a63f2;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                              X-Powered-By: ASP.NET


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.5 | 49731 | 172.64.41.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:03 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:03 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18c1c5f1889-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:03 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.5 | 49732 | 172.64.41.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:03 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:03 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18c1e864265-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:03 UTC | 468 | IN | Data Ascii: wwwgstaticcom(c)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.5 | 49733 | 162.159.61.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:03 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:03 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18c19c90f51-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:03 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.5 | 49727 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:03 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-08-24 20:03:03 UTC | 466 | IN | HTTP/1.1 200 OK
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF70)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=74557
                                                              Date: Sat, 24 Aug 2024 20:03:03 GMT
                                                              Connection: close
                                                              X-CID: 2


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.5 | 49737 | 172.64.41.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:04 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18f19c78c42-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:04 UTC | 468 | IN | Data Ascii: wwwgstaticcomQ)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.5 | 49736 | 162.159.61.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:04 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18f1f8942b7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:04 UTC | 468 | IN | Data Ascii: wwwgstaticcomHc)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.5 | 49734 | 172.64.41.3 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-24 20:03:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-24 20:03:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 24 Aug 2024 20:03:04 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8b85f18f4f1541ff-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-24 20:03:04 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.5 | 49739 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:04 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                              Range: bytes=0-2147483646
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-08-24 20:03:04 UTC | 514 | IN | HTTP/1.1 200 OK
                                                              ApiVersion: Distribute 1.1
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF06)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=74531
                                                              Date: Sat, 24 Aug 2024 20:03:04 GMT
                                                              Content-Length: 55
                                                              Connection: close
                                                              X-CID: 2
                                                              2024-08-24 20:03:04 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.5 | 49744 | 142.251.32.110 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:04 UTC | 1080 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1709684001&timestamp=1724529783476 HTTP/1.1
                                                              Host: accounts.youtube.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-platform: "Windows"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              Upgrade-Insecure-Requests: 1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                              Sec-Fetch-Site: cross-site
                                                              Sec-Fetch-Mode: navigate
                                                              Sec-Fetch-Dest: iframe
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:05 UTC | 1961 | IN | HTTP/1.1 200 OK
                                                              Content-Type: text/html; charset=utf-8
                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-hPGU2Tw5JPaSxDbKZa-O9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Sat, 24 Aug 2024 20:03:05 GMT
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjMtDikmLw15BikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdiIW6Onz9WbGMTODB7pZCSXlJ-YXxmSmpeSWZJZUp-bmJmXnJ-fnZmanFxalFZalG8kYGRiYGFoYWegUV8gQEAf4kq6w"
                                                              Server: ESF
                                                              X-XSS-Protection: 0
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Accept-Ranges: none
                                                              Vary: Accept-Encoding
                                                              Connection: close
                                                              Transfer-Encoding: chunked
                                                              Data Ascii: return this};return a},F=function(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:Ka(a)};throw Error("d`"+String(a));},Oa=typeof Object.create=="function"?Object.creat
                                                              2024-08-24 20:03:05 UTC1961INData Raw: 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 0a 47 28 6b 2c 66 29 26 26 47 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 3f 64 65 6c 65 74 65 20 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 21 31 7d 3b 72 65 74 75 72 6e 20 67 7d 29 3b 0a 45 28 22 4d 61 70 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 67 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78
                                                              Data Ascii: };g.prototype.delete=function(k){return c(k)&&G(k,f)&&G(k[f],this.g)?delete k[f][this.g]:!1};return g});E("Map",function(a){if(function(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var g=Object.seal({x
                                                              2024-08-24 20:03:05 UTC1961INData Raw: 3a 71 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 6c 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 67 5b 31 5d 3b 72 65 74 75 72 6e 20 4e 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 29 7b 66 6f 72 28 3b 6c 2e 68 65 61 64 21 3d 67 5b 31 5d 3b 29 6c 3d 6c 2e 75 3b 66 6f 72 28 3b 6c 2e 6e 65 78 74 21 3d 6c 2e 68 65 61 64 3b 29 72 65 74 75 72 6e 20 6c 3d 6c 2e 6e 65 78 74 2c 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 6b 28 6c 29 7d 3b 0a 6c 3d 6e 75 6c 6c 7d 72 65 74 75 72 6e 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 29 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 67 3d 7b 7d 3b 72 65 74 75 72 6e 20 67 2e 75 3d 67 2e
                                                              Data Ascii: :q}}return{id:l,list:m,index:-1,l:void 0}},e=function(g,k){var l=g[1];return Na(function(){if(l){for(;l.head!=g[1];)l=l.u;for(;l.next!=l.head;)return l=l.next,{done:!1,value:k(l)};l=null}return{done:!0,value:void 0}})},f=function(){var g={};return g.u=g.
                                                              2024-08-24 20:03:05 UTC1961INData Raw: 6f 74 6f 74 79 70 65 2e 62 69 6e 64 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 6e 61 74 69 76 65 20 63 6f 64 65 22 29 21 3d 2d 31 3f 61 62 3a 62 62 3b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 63 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 64 3d 63 2e 73 6c 69 63 65 28 29 3b 64 2e 70 75 73 68 2e 61 70 70 6c 79 28 64 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 74 68 69 73 2c 64 29 7d 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 30 2c
                                                              Data Ascii: ototype.bind.toString().indexOf("native code")!=-1?ab:bb;return H.apply(null,arguments)},cb=function(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}},db=function(a){(0,
                                                              2024-08-24 20:03:05 UTC1961INData Raw: 61 63 6b 3a 62 7d 3a 28 63 3d 61 2e 6d 65 73 73 61 67 65 2c 63 3d 3d 6e 75 6c 6c 26 26 28 63 3d 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 75 6e 63 74 69 6f 6e 3f 27 55 6e 6b 6e 6f 77 6e 20 45 72 72 6f 72 20 6f 66 20 74 79 70 65 20 22 27 2b 28 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6e 61 6d 65 3f 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6e 61 6d 65 3a 69 62 28 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 29 2b 27 22 27 3a 22 55 6e 6b 6e 6f 77 6e 20 45 72 72 6f 72 20 6f 66 20 75 6e 6b 6e 6f 77 6e 20 74 79 70 65 22 2c 74 79 70 65 6f 66 20 61 2e 74 6f 53 74 72 69 6e 67 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72
                                                              Data Ascii: ack:b}:(c=a.message,c==null&&(c=a.constructor&&a.constructor instanceof Function?'Unknown Error of type "'+(a.constructor.name?a.constructor.name:ib(a.constructor))+'"':"Unknown Error of unknown type",typeof a.toString==="function"&&Object.prototype.toStr
                                                              2024-08-24 20:03:05 UTC1961INData Raw: 2e 73 6c 69 63 65 28 30 2c 64 29 2c 65 2c 61 2e 73 6c 69 63 65 28 63 29 5d 3b 63 3d 61 5b 31 5d 3b 61 5b 31 5d 3d 62 3f 63 3f 63 2b 22 26 22 2b 62 3a 62 3a 63 3b 72 65 74 75 72 6e 20 61 5b 30 5d 2b 28 61 5b 31 5d 3f 22 3f 22 2b 61 5b 31 5d 3a 22 22 29 2b 61 5b 32 5d 7d 2c 70 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 62 29 29 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 62 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 70 62 28 61 2c 53 74 72 69 6e 67 28 62 5b 64 5d 29 2c 63 29 3b 65 6c 73 65 20 62 21 3d 6e 75 6c 6c 26 26 63 2e 70 75 73 68 28 61 2b 28 62 3d 3d 3d 0a 22 22 3f 22 22 3a 22 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 53 74 72 69 6e 67 28 62 29 29 29 29 7d 2c 71 62 3d 66 75
                                                              Data Ascii: .slice(0,d),e,a.slice(c)];c=a[1];a[1]=b?c?c+"&"+b:b:c;return a[0]+(a[1]?"?"+a[1]:"")+a[2]},pb=function(a,b,c){if(Array.isArray(b))for(var d=0;d<b.length;d++)pb(a,String(b[d]),c);else b!=null&&c.push(a+(b===""?"":"="+encodeURIComponent(String(b))))},qb=fu


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.5 | 49747 | 152.195.19.97 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:05 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725134580&P2=404&P3=2&P4=IrCv9fvasMsdNqcZnk478SAfEzTLqUX1jN6Ci6Dgd%2bgIiEhmRBwKCrmYMTXft%2fdA2pGNj8yaVBflbomjc3i3WA%3d%3d HTTP/1.1
                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              Connection: keep-alive
                                                              MS-CV: sobazN6qEySbpAB+y/tcyS
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:05 UTC | 632 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Age: 4456316
                                                              Cache-Control: public, max-age=17280000
                                                              Content-Type: application/x-chrome-extension
                                                              Date: Sat, 24 Aug 2024 20:03:05 GMT
                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                              Server: ECAcc (nyd/D11E)
                                                              X-AspNet-Version: 4.0.30319
                                                              X-AspNetMvc-Version: 5.3
                                                              X-Cache: HIT
                                                              X-CCC: US
                                                              X-CID: 11
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By: ARR/3.0
                                                              X-Powered-By: ASP.NET
                                                              Content-Length: 11185
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.5 | 49748 | 142.250.80.78 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:05 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:05 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sat, 24 Aug 2024 20:03:05 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.5 | 49749 | 142.250.80.78 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:05 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:05 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sat, 24 Aug 2024 20:03:05 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.5 | 49753 | 142.250.64.100 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:06 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                              Host: www.google.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-platform: "Windows"
                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: image
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:06 UTC | 705 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                              Content-Length: 5430
                                                              X-Content-Type-Options: nosniff
                                                              Server: sffe
                                                              X-XSS-Protection: 0
                                                              Date: Sat, 24 Aug 2024 18:04:28 GMT
                                                              Expires: Sun, 01 Sep 2024 18:04:28 GMT
                                                              Cache-Control: public, max-age=691200
                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                              Content-Type: image/x-icon
                                                              Vary: Accept-Encoding
                                                              Age: 7118
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.5 | 49752 | 142.251.40.129 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:06 UTC | 594 | OUT | GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                              Host: clients2.googleusercontent.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:06 UTC | 573 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 135751
                                                              X-GUploader-UploadID: AHxI1nMEdS4dtUha_xadaTRjFdli6S-CqXvUL6e4ySPq8offIpWH1Pzeq0v8KqHCxOhW7ciSUputob7aYg
                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                              Server: UploadServer
                                                              Date: Sat, 24 Aug 2024 15:56:45 GMT
                                                              Expires: Sun, 24 Aug 2025 15:56:45 GMT
                                                              Cache-Control: public, max-age=31536000
                                                              Age: 14781
                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                              Content-Type: application/x-chrome-extension
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.5 | 49760 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:07 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                              Sec-Mesh-Client-OS: Windows
                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                              Sec-Mesh-Client-Arch: x86_64
                                                              Sec-Mesh-Client-WebView: 0
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:07 UTC | 562 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:07 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 70207
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                              ETag: 0x8DCB31E67C22927
                                                              x-ms-request-id: ea88565b-f01e-003d-6c06-f5dd21000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200307Z-15c77d89844fm6cd7bzmz9fe9g0000000dcg00000000q18u
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.5 | 49759 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-24 20:03:07 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: Shoreline
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-08-24 20:03:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:07 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 306698
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                              ETag: 0x8DBC9B5C40EBFF4
                                                              x-ms-request-id: 996e2297-301e-0064-6384-f5d8a7000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200307Z-15c77d898444l99nryxzez31b40000000axg00000000mbdf
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49766 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1579
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                              ETag: 0x8DBDCB5DE99522A
                                                              x-ms-request-id: 6f9d5984-401e-0049-05bd-f55b67000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844lpwvj5ntbmq1cg80000000dhg00000000frzg
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49769 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1966
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                              ETag: 0x8DBDCB5EC122A94
                                                              x-ms-request-id: 34f43450-901e-0062-3e89-f52fdf000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844xdgcbm04vza3uun0000000b7g0000000015zh
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49768 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1751
                                                              Connection: close
                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                              ETag: 0x8DBCEA8D5AACC85
                                                              x-ms-request-id: c5621c3e-101e-001e-7a6a-f5b2ea000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844kcg9tenmhtd29e40000000afg000000001b3k
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49771 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1427
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                              ETag: 0x8DBDCB5EF021F8E
                                                              x-ms-request-id: c872ec7e-501e-0056-326a-f58077000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844n6dtp5f09y9f4c80000000e8000000000esrk
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49772 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2008
                                                              Connection: close
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                              ETag: 0x8DBC9B5C0C17219
                                                              x-ms-request-id: 9d4d0421-d01e-0003-5e8f-f56b00000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844khrfk6f44dseews0000000acg000000005k4f
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49770 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:08 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:08 UTC | 522 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:08 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2229
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                              ETag: 0x8DBD59359A9E77B
                                                              x-ms-request-id: 91564f5f-a01e-0048-7d5f-f55a9a000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200308Z-15c77d89844n6dtp5f09y9f4c80000000eag0000000045rh
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49773 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:09 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:09 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1154
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                              ETag: 0x8DBD5935D5B3965
                                                              x-ms-request-id: 3757ef32-a01e-0007-2b5f-f59e82000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200309Z-15c77d89844sts2zsstdq8frz40000000c6g00000000nbys
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49774 | 13.107.246.41 | 443 | 7400 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-24 20:03:09 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:09 UTC | 522 | IN | HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:09 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1468
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                              ETag: 0x8DBDCB5E23DFC43
                                                              x-ms-request-id: 1502b88b-c01e-0058-5c77-f56c7c000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200309Z-15c77d89844n564ch5vmt0hbn00000000d4000000000fr8b
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
25  192.168.2.5  49775  13.107.246.41  443  7400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-08-24 20:03:09 UTC  478  OUT  GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: ProductCategories
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:03:09 UTC  538  IN  HTTP/1.1 200 OK
                                                              Date: Sat, 24 Aug 2024 20:03:09 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 82989
                                                              Connection: close
                                                              Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                              ETag: 0x8DB5D5E89CE25EB
                                                              x-ms-request-id: 6a7d865a-c01e-001c-0be2-f5b010000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240824T200309Z-15c77d898445pmpjghgxza2m7n0000000cr0000000008hqs
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
26  192.168.2.5  49776  40.127.169.103  443
Timestamp  Bytes transferred  Direction  Data
2024-08-24 20:03:14 UTC  306  OUT  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4huncaPOPBBl4Fy&MD=aaKFEYWL HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
2024-08-24 20:03:14 UTC  560  IN  HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                              MS-CorrelationId: 941e6ca5-36c1-4a67-a09f-8ef44c5a1814
                                                              MS-RequestId: 0dc37bd0-f776-402d-840e-de386846494b
                                                              MS-CV: xfHRC42msUugcs5N.0
                                                              X-Microsoft-SLSClientCache: 2880
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sat, 24 Aug 2024 20:03:13 GMT
                                                              Connection: close
                                                              Content-Length: 24490


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
27  192.168.2.5  49793  40.127.169.103  443
Timestamp  Bytes transferred  Direction  Data
2024-08-24 20:03:52 UTC  306  OUT  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4huncaPOPBBl4Fy&MD=aaKFEYWL HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
2024-08-24 20:03:52 UTC  560  IN  HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                              MS-CorrelationId: 7e4e8d5f-fae9-4f0c-a558-79b658a21d6f
                                                              MS-RequestId: a6ba01d0-baf3-4888-b007-9e6e8bcc2e9e
                                                              MS-CV: sW02nb2s0EK/lpsT.0
                                                              X-Microsoft-SLSClientCache: 1440
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sat, 24 Aug 2024 20:03:51 GMT
                                                              Connection: close
                                                              Content-Length: 30005


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
28  192.168.2.5  49795  23.200.0.42  443  7400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-08-24 20:04:00 UTC  442  OUT  OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Origin: https://business.bing.com
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: content-type
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:04:00 UTC  360  IN  HTTP/1.1 200 OK
                                                              Content-Length: 0
                                                              Access-Control-Allow-Headers: content-type
                                                              Date: Sat, 24 Aug 2024 20:04:00 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.2aac2d17.1724529840.c4f089f
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
29  192.168.2.5  49796  23.200.0.42  443  7400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-08-24 20:04:01 UTC  382  OUT  POST /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Content-Length: 466
                                                              Content-Type: application/reports+json
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-24 20:04:01 UTC  466  OUT  Data Ascii: [{"age":60008,"body":{"elapsed_time":1191,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bin
2024-08-24 20:04:01 UTC  358  IN  HTTP/1.1 200 OK
                                                              Content-Length: 21
                                                              Content-Type: text/plain; charset=utf-8
                                                              Date: Sat, 24 Aug 2024 20:04:01 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.2aac2d17.1724529841.c4f0c9f
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *
2024-08-24 20:04:01 UTC  21  IN  Data Ascii: Processed the request



                                                              Target ID:0
                                                              Start time:16:02:53
                                                              Start date:24/08/2024
                                                              Path:C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                              Imagebase:0x5e0000
                                                              File size:917'504 bytes
                                                              MD5 hash:C7660197BE2AE95B1D523E47A37CCB11
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:16:02:54
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:16:02:54
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:16:02:54
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:16:02:54
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:7
                                                              Start time:16:02:55
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2212,i,6395724042626035195,6606384849668653806,262144 /prefetch:3
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:8
                                                              Start time:16:02:55
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:9
                                                              Start time:16:02:56
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:3
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:11
                                                              Start time:16:02:59
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2216 -prefMapHandle 2208 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee138101-8735-4392-af58-cbb5f6ca004b} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d56fb10 socket
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:15
                                                              Start time:16:03:01
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6964 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:16
                                                              Start time:16:03:01
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7144 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:17
                                                              Start time:16:03:03
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -parentBuildID 20230927232528 -prefsHandle 4036 -prefMapHandle 1536 -prefsLen 26172 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0faffddc-4c99-437b-8802-7a5511723355} 7124 "\\.\pipe\gecko-crash-server-pipe.7124" 1d40d579b10 rdd
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:18
                                                              Start time:16:03:04
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7572 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:19
                                                              Start time:16:03:04
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:20
                                                              Start time:16:03:06
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8416 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:24
                                                              Start time:16:03:56
                                                              Start date:24/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8000 --field-trial-handle=2468,i,17038612502427117312,2219905494535602205,262144 /prefetch:8
                                                              Imagebase:0x7ff6c1cf0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                                Execution Graph

                                                                Execution Coverage:1.9%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:7.4%
                                                                Total number of Nodes:1407
                                                                Total number of Limit Nodes:41
94876->94893 94900 5edfd0 185 API calls 3 library calls 94876->94900 94901 5ebf40 94876->94901 94959 5fedf6 IsDialogMessageW GetClassLongW 94876->94959 94961 653a2a 23 API calls 94876->94961 94962 65359c 82 API calls __wsopen_s 94876->94962 94878 6729bf GetForegroundWindow 94878->94887 94880->94876 94880->94881 94881->94887 94882 632a31 94882->94877 94883 632ca9 Sleep 94883->94876 94887->94871 94887->94873 94887->94875 94887->94876 94887->94877 94887->94878 94887->94882 94887->94883 94963 665658 23 API calls 94887->94963 94964 64e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 94887->94964 94889->94876 94890->94876 94894 5edd6f 94893->94894 94895 5edd83 94893->94895 94965 5ed260 94894->94965 94997 65359c 82 API calls __wsopen_s 94895->94997 94898 5edd7a 94898->94876 94899 632f75 94899->94899 94900->94876 95005 5eadf0 94901->95005 94903 5ebf9d 94904 6304b6 94903->94904 94905 5ebfa9 94903->94905 95024 65359c 82 API calls __wsopen_s 94904->95024 94907 5ec01e 94905->94907 94908 6304c6 94905->94908 95010 5eac91 94907->95010 95025 65359c 82 API calls __wsopen_s 94908->95025 94911 63055a 94943 5ec603 94911->94943 95027 65359c 82 API calls __wsopen_s 94911->95027 94913 647120 22 API calls 94957 5ec039 __fread_nolock messages 94913->94957 94916 6304f5 94916->94911 95026 5fd217 185 API calls 94916->95026 94917 5ec7da 94918 5ffe0b 22 API calls 94917->94918 94922 5ec808 __fread_nolock 94918->94922 94924 5ffe0b 22 API calls 94922->94924 94923 5ffddb 22 API calls 94923->94957 94956 5ec350 __fread_nolock messages 94924->94956 94925 5eaf8a 22 API calls 94925->94957 94926 63091a 95037 653209 23 API calls 94926->95037 94929 5eec40 185 API calls 94929->94957 94930 6308a5 94931 5eec40 185 API calls 94930->94931 94933 6308cf 94931->94933 94933->94943 95035 5ea81b 41 API calls 94933->95035 94934 630591 95028 65359c 82 API calls __wsopen_s 94934->95028 94935 6308f6 95036 65359c 82 API calls __wsopen_s 94935->95036 94941 5ec237 94942 5ec253 
94941->94942 95038 5ea8c7 22 API calls __fread_nolock 94941->95038 94946 630976 94942->94946 94949 5ec297 messages 94942->94949 94943->94876 94944 5ffe0b 22 API calls 94944->94957 95039 5eaceb 23 API calls messages 94946->95039 94952 6309bf 94949->94952 95021 5eaceb 23 API calls messages 94949->95021 94951 5ec335 94951->94952 94953 5ec342 94951->94953 94952->94943 95040 65359c 82 API calls __wsopen_s 94952->95040 95022 5ea704 22 API calls messages 94953->95022 94954 5ebbe0 40 API calls 94954->94957 94958 5ec3ac 94956->94958 95023 5fce17 22 API calls messages 94956->95023 94957->94911 94957->94913 94957->94916 94957->94917 94957->94922 94957->94923 94957->94925 94957->94926 94957->94929 94957->94930 94957->94934 94957->94935 94957->94941 94957->94943 94957->94944 94957->94952 94957->94954 95014 5ead81 94957->95014 95029 647099 22 API calls __fread_nolock 94957->95029 95030 665745 54 API calls _wcslen 94957->95030 95031 5faa42 22 API calls messages 94957->95031 95032 64f05c 40 API calls 94957->95032 95033 5ea993 41 API calls 94957->95033 95034 5eaceb 23 API calls messages 94957->95034 94958->94876 94959->94876 94960->94876 94961->94876 94962->94876 94963->94887 94964->94887 94966 5eec40 185 API calls 94965->94966 94985 5ed29d 94966->94985 94967 631bc4 95004 65359c 82 API calls __wsopen_s 94967->95004 94969 5ed30b messages 94969->94898 94970 5ed3c3 94972 5ed3ce 94970->94972 94973 5ed6d5 94970->94973 94971 5ed5ff 94974 631bb5 94971->94974 94975 5ed614 94971->94975 94977 5ffddb 22 API calls 94972->94977 94973->94969 94981 5ffe0b 22 API calls 94973->94981 95003 665705 23 API calls 94974->95003 94979 5ffddb 22 API calls 94975->94979 94976 5ed4b8 94982 5ffe0b 22 API calls 94976->94982 94986 5ed3d5 __fread_nolock 94977->94986 94990 5ed46a 94979->94990 94980 5ffddb 22 API calls 94980->94985 94981->94986 94992 5ed429 __fread_nolock messages 94982->94992 94983 5ffddb 22 API calls 94984 5ed3f6 94983->94984 94984->94992 94998 5ebec0 185 API calls 94984->94998 94985->94967 
94985->94969 94985->94970 94985->94973 94985->94976 94985->94980 94985->94992 94986->94983 94986->94984 94988 631ba4 95002 65359c 82 API calls __wsopen_s 94988->95002 94990->94898 94992->94971 94992->94988 94992->94990 94993 631b7f 94992->94993 94995 631b5d 94992->94995 94999 5e1f6f 185 API calls 94992->94999 95001 65359c 82 API calls __wsopen_s 94993->95001 95000 65359c 82 API calls __wsopen_s 94995->95000 94997->94899 94998->94992 94999->94992 95000->94990 95001->94990 95002->94990 95003->94967 95004->94969 95006 5eae01 95005->95006 95009 5eae1c messages 95005->95009 95041 5eaec9 95006->95041 95008 5eae09 CharUpperBuffW 95008->95009 95009->94903 95011 5eacae 95010->95011 95012 5eacd1 95011->95012 95047 65359c 82 API calls __wsopen_s 95011->95047 95012->94957 95015 62fadb 95014->95015 95016 5ead92 95014->95016 95017 5ffddb 22 API calls 95016->95017 95018 5ead99 95017->95018 95048 5eadcd 95018->95048 95021->94951 95022->94956 95023->94956 95024->94908 95025->94943 95026->94911 95027->94943 95028->94943 95029->94957 95030->94957 95031->94957 95032->94957 95033->94957 95034->94957 95035->94935 95036->94943 95037->94941 95038->94942 95039->94952 95040->94943 95042 5eaedc 95041->95042 95046 5eaed9 __fread_nolock 95041->95046 95043 5ffddb 22 API calls 95042->95043 95044 5eaee7 95043->95044 95045 5ffe0b 22 API calls 95044->95045 95045->95046 95046->95008 95047->95012 95052 5eaddd 95048->95052 95049 5eadb6 95049->94957 95050 5ffddb 22 API calls 95050->95052 95051 5ea961 22 API calls 95051->95052 95052->95049 95052->95050 95052->95051 95054 5eadcd 22 API calls 95052->95054 95055 5ea8c7 22 API calls __fread_nolock 95052->95055 95054->95052 95055->95052 95056 5e105b 95061 5e344d 95056->95061 95058 5e106a 95092 6000a3 29 API calls __onexit 95058->95092 95060 5e1074 95062 5e345d __wsopen_s 95061->95062 95063 5ea961 22 API calls 95062->95063 95064 5e3513 95063->95064 95093 5e3a5a 95064->95093 95066 5e351c 95100 5e3357 95066->95100 95073 5ea961 22 API calls 95074 5e354d 
95073->95074 95121 5ea6c3 95074->95121 95077 623176 RegQueryValueExW 95078 623193 95077->95078 95079 62320c RegCloseKey 95077->95079 95080 5ffe0b 22 API calls 95078->95080 95081 5e3578 95079->95081 95091 62321e _wcslen 95079->95091 95082 6231ac 95080->95082 95081->95058 95127 5e5722 95082->95127 95085 5e4c6d 22 API calls 95085->95091 95086 6231d4 95130 5e6b57 95086->95130 95088 6231ee messages 95088->95079 95089 5e9cb3 22 API calls 95089->95091 95090 5e515f 22 API calls 95090->95091 95091->95081 95091->95085 95091->95089 95091->95090 95092->95060 95142 621f50 95093->95142 95096 5e9cb3 22 API calls 95097 5e3a8d 95096->95097 95144 5e3aa2 95097->95144 95099 5e3a97 95099->95066 95101 621f50 __wsopen_s 95100->95101 95102 5e3364 GetFullPathNameW 95101->95102 95103 5e3386 95102->95103 95104 5e6b57 22 API calls 95103->95104 95105 5e33a4 95104->95105 95106 5e33c6 95105->95106 95107 5e33dd 95106->95107 95108 6230bb 95106->95108 95162 5e33ee 95107->95162 95110 5ffddb 22 API calls 95108->95110 95112 6230c5 _wcslen 95110->95112 95111 5e33e8 95115 5e515f 95111->95115 95113 5ffe0b 22 API calls 95112->95113 95114 6230fe __fread_nolock 95113->95114 95116 5e516e 95115->95116 95120 5e518f __fread_nolock 95115->95120 95118 5ffe0b 22 API calls 95116->95118 95117 5ffddb 22 API calls 95119 5e3544 95117->95119 95118->95120 95119->95073 95120->95117 95122 5ea6dd 95121->95122 95126 5e3556 RegOpenKeyExW 95121->95126 95123 5ffddb 22 API calls 95122->95123 95124 5ea6e7 95123->95124 95125 5ffe0b 22 API calls 95124->95125 95125->95126 95126->95077 95126->95081 95128 5ffddb 22 API calls 95127->95128 95129 5e5734 RegQueryValueExW 95128->95129 95129->95086 95129->95088 95131 624ba1 95130->95131 95132 5e6b67 _wcslen 95130->95132 95133 5e93b2 22 API calls 95131->95133 95135 5e6b7d 95132->95135 95136 5e6ba2 95132->95136 95134 624baa 95133->95134 95134->95134 95177 5e6f34 22 API calls 95135->95177 95138 5ffddb 22 API calls 95136->95138 95140 5e6bae 95138->95140 95139 5e6b85 __fread_nolock 95139->95088 
95141 5ffe0b 22 API calls 95140->95141 95141->95139 95143 5e3a67 GetModuleFileNameW 95142->95143 95143->95096 95145 621f50 __wsopen_s 95144->95145 95146 5e3aaf GetFullPathNameW 95145->95146 95147 5e3ace 95146->95147 95148 5e3ae9 95146->95148 95149 5e6b57 22 API calls 95147->95149 95150 5ea6c3 22 API calls 95148->95150 95151 5e3ada 95149->95151 95150->95151 95154 5e37a0 95151->95154 95155 5e37ae 95154->95155 95158 5e93b2 95155->95158 95157 5e37c2 95157->95099 95159 5e93c9 __fread_nolock 95158->95159 95160 5e93c0 95158->95160 95159->95157 95160->95159 95161 5eaec9 22 API calls 95160->95161 95161->95159 95163 5e33fe _wcslen 95162->95163 95164 62311d 95163->95164 95165 5e3411 95163->95165 95166 5ffddb 22 API calls 95164->95166 95172 5ea587 95165->95172 95168 623127 95166->95168 95170 5ffe0b 22 API calls 95168->95170 95169 5e341e __fread_nolock 95169->95111 95171 623157 __fread_nolock 95170->95171 95173 5ea59d 95172->95173 95176 5ea598 __fread_nolock 95172->95176 95174 62f80f 95173->95174 95175 5ffe0b 22 API calls 95173->95175 95175->95176 95176->95169 95177->95139 95178 5e1098 95183 5e42de 95178->95183 95182 5e10a7 95184 5ea961 22 API calls 95183->95184 95185 5e42f5 GetVersionExW 95184->95185 95186 5e6b57 22 API calls 95185->95186 95187 5e4342 95186->95187 95188 5e93b2 22 API calls 95187->95188 95200 5e4378 95187->95200 95189 5e436c 95188->95189 95191 5e37a0 22 API calls 95189->95191 95190 5e441b GetCurrentProcess IsWow64Process 95192 5e4437 95190->95192 95191->95200 95193 5e444f LoadLibraryA 95192->95193 95194 623824 GetSystemInfo 95192->95194 95195 5e449c GetSystemInfo 95193->95195 95196 5e4460 GetProcAddress 95193->95196 95198 5e4476 95195->95198 95196->95195 95197 5e4470 GetNativeSystemInfo 95196->95197 95197->95198 95201 5e447a FreeLibrary 95198->95201 95202 5e109d 95198->95202 95199 6237df 95200->95190 95200->95199 95201->95202 95203 6000a3 29 API calls __onexit 95202->95203 95203->95182 95204 622ba5 95205 5e2b25 95204->95205 95206 622baf 95204->95206 95232 
5e2b83 7 API calls 95205->95232 95208 5e3a5a 24 API calls 95206->95208 95210 622bb8 95208->95210 95212 5e9cb3 22 API calls 95210->95212 95214 622bc6 95212->95214 95213 5e2b2f 95215 5e2b44 95213->95215 95236 5e3837 95213->95236 95216 622bf5 95214->95216 95217 622bce 95214->95217 95223 5e2b5f 95215->95223 95246 5e30f2 95215->95246 95219 5e33c6 22 API calls 95216->95219 95218 5e33c6 22 API calls 95217->95218 95221 622bd9 95218->95221 95230 622bf1 GetForegroundWindow ShellExecuteW 95219->95230 95250 5e6350 22 API calls 95221->95250 95229 5e2b66 SetCurrentDirectoryW 95223->95229 95225 622be7 95228 5e33c6 22 API calls 95225->95228 95227 622c26 95227->95223 95228->95230 95231 5e2b7a 95229->95231 95230->95227 95251 5e2cd4 7 API calls 95232->95251 95234 5e2b2a 95235 5e2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95234->95235 95235->95213 95237 5e3862 ___scrt_fastfail 95236->95237 95252 5e4212 95237->95252 95240 5e38e8 95242 623386 Shell_NotifyIconW 95240->95242 95243 5e3906 Shell_NotifyIconW 95240->95243 95256 5e3923 95243->95256 95245 5e391c 95245->95215 95247 5e3154 95246->95247 95248 5e3104 ___scrt_fastfail 95246->95248 95247->95223 95249 5e3123 Shell_NotifyIconW 95248->95249 95249->95247 95250->95225 95251->95234 95253 6235a4 95252->95253 95254 5e38b7 95252->95254 95253->95254 95255 6235ad DestroyIcon 95253->95255 95254->95240 95278 64c874 42 API calls _strftime 95254->95278 95255->95254 95257 5e393f 95256->95257 95258 5e3a13 95256->95258 95279 5e6270 95257->95279 95258->95245 95261 623393 LoadStringW 95264 6233ad 95261->95264 95262 5e395a 95263 5e6b57 22 API calls 95262->95263 95265 5e396f 95263->95265 95272 5e3994 ___scrt_fastfail 95264->95272 95285 5ea8c7 22 API calls __fread_nolock 95264->95285 95266 5e397c 95265->95266 95267 6233c9 95265->95267 95266->95264 95269 5e3986 95266->95269 95286 5e6350 22 API calls 95267->95286 95284 5e6350 22 API calls 95269->95284 95275 5e39f9 Shell_NotifyIconW 95272->95275 95273 6233d7 95273->95272 95274 5e33c6 22 API 
calls 95273->95274 95276 6233f9 95274->95276 95275->95258 95277 5e33c6 22 API calls 95276->95277 95277->95272 95278->95240 95280 5ffe0b 22 API calls 95279->95280 95281 5e6295 95280->95281 95282 5ffddb 22 API calls 95281->95282 95283 5e394d 95282->95283 95283->95261 95283->95262 95284->95272 95285->95272 95286->95273 95287 5e3156 95290 5e3170 95287->95290 95291 5e3187 95290->95291 95292 5e318c 95291->95292 95293 5e31eb 95291->95293 95331 5e31e9 95291->95331 95297 5e3199 95292->95297 95298 5e3265 PostQuitMessage 95292->95298 95295 622dfb 95293->95295 95296 5e31f1 95293->95296 95294 5e31d0 DefWindowProcW 95304 5e316a 95294->95304 95338 5e18e2 10 API calls 95295->95338 95299 5e321d SetTimer RegisterWindowMessageW 95296->95299 95300 5e31f8 95296->95300 95302 5e31a4 95297->95302 95303 622e7c 95297->95303 95298->95304 95299->95304 95308 5e3246 CreatePopupMenu 95299->95308 95305 622d9c 95300->95305 95306 5e3201 KillTimer 95300->95306 95309 5e31ae 95302->95309 95310 622e68 95302->95310 95342 64bf30 34 API calls ___scrt_fastfail 95303->95342 95312 622da1 95305->95312 95313 622dd7 MoveWindow 95305->95313 95314 5e30f2 Shell_NotifyIconW 95306->95314 95307 622e1c 95339 5fe499 42 API calls 95307->95339 95308->95304 95317 5e31b9 95309->95317 95318 622e4d 95309->95318 95341 64c161 27 API calls ___scrt_fastfail 95310->95341 95320 622dc6 SetFocus 95312->95320 95321 622da7 95312->95321 95313->95304 95322 5e3214 95314->95322 95324 5e31c4 95317->95324 95325 5e3253 95317->95325 95318->95294 95340 640ad7 22 API calls 95318->95340 95319 622e8e 95319->95294 95319->95304 95320->95304 95321->95324 95326 622db0 95321->95326 95335 5e3c50 DeleteObject DestroyWindow 95322->95335 95323 5e3263 95323->95304 95324->95294 95332 5e30f2 Shell_NotifyIconW 95324->95332 95336 5e326f 44 API calls ___scrt_fastfail 95325->95336 95337 5e18e2 10 API calls 95326->95337 95331->95294 95333 622e41 95332->95333 95334 5e3837 49 API calls 95333->95334 95334->95331 95335->95304 95336->95323 95337->95304 95338->95307 
95339->95324 95340->95331 95341->95323 95342->95319 95343 5e2e37 95344 5ea961 22 API calls 95343->95344 95345 5e2e4d 95344->95345 95422 5e4ae3 95345->95422 95347 5e2e6b 95348 5e3a5a 24 API calls 95347->95348 95349 5e2e7f 95348->95349 95350 5e9cb3 22 API calls 95349->95350 95351 5e2e8c 95350->95351 95436 5e4ecb 95351->95436 95354 622cb0 95476 652cf9 95354->95476 95355 5e2ead 95458 5ea8c7 22 API calls __fread_nolock 95355->95458 95357 622cc3 95358 622ccf 95357->95358 95502 5e4f39 95357->95502 95363 5e4f39 68 API calls 95358->95363 95361 5e2ec3 95459 5e6f88 22 API calls 95361->95459 95365 622ce5 95363->95365 95364 5e2ecf 95366 5e9cb3 22 API calls 95364->95366 95508 5e3084 22 API calls 95365->95508 95367 5e2edc 95366->95367 95460 5ea81b 41 API calls 95367->95460 95369 5e2eec 95372 5e9cb3 22 API calls 95369->95372 95371 622d02 95509 5e3084 22 API calls 95371->95509 95374 5e2f12 95372->95374 95461 5ea81b 41 API calls 95374->95461 95375 622d1e 95377 5e3a5a 24 API calls 95375->95377 95378 622d44 95377->95378 95510 5e3084 22 API calls 95378->95510 95379 5e2f21 95382 5ea961 22 API calls 95379->95382 95381 622d50 95511 5ea8c7 22 API calls __fread_nolock 95381->95511 95384 5e2f3f 95382->95384 95462 5e3084 22 API calls 95384->95462 95385 622d5e 95512 5e3084 22 API calls 95385->95512 95388 5e2f4b 95463 604a28 40 API calls 3 library calls 95388->95463 95390 622d6d 95513 5ea8c7 22 API calls __fread_nolock 95390->95513 95391 5e2f59 95391->95365 95392 5e2f63 95391->95392 95464 604a28 40 API calls 3 library calls 95392->95464 95395 5e2f6e 95395->95371 95398 5e2f78 95395->95398 95396 622d83 95514 5e3084 22 API calls 95396->95514 95465 604a28 40 API calls 3 library calls 95398->95465 95399 622d90 95401 5e2f83 95401->95375 95402 5e2f8d 95401->95402 95466 604a28 40 API calls 3 library calls 95402->95466 95404 5e2f98 95405 5e2fdc 95404->95405 95467 5e3084 22 API calls 95404->95467 95405->95390 95406 5e2fe8 95405->95406 95406->95399 95470 5e63eb 22 API calls 95406->95470 95409 5e2fbf 95468 
5ea8c7 22 API calls __fread_nolock 95409->95468 95411 5e2ff8 95471 5e6a50 22 API calls 95411->95471 95412 5e2fcd 95469 5e3084 22 API calls 95412->95469 95415 5e3006 95472 5e70b0 23 API calls 95415->95472 95419 5e3021 95420 5e3065 95419->95420 95473 5e6f88 22 API calls 95419->95473 95474 5e70b0 23 API calls 95419->95474 95475 5e3084 22 API calls 95419->95475 95423 5e4af0 __wsopen_s 95422->95423 95424 5e6b57 22 API calls 95423->95424 95425 5e4b22 95423->95425 95424->95425 95434 5e4b58 95425->95434 95515 5e4c6d 95425->95515 95427 5e9cb3 22 API calls 95429 5e4c52 95427->95429 95428 5e9cb3 22 API calls 95428->95434 95430 5e515f 22 API calls 95429->95430 95433 5e4c5e 95430->95433 95431 5e4c6d 22 API calls 95431->95434 95432 5e515f 22 API calls 95432->95434 95433->95347 95434->95428 95434->95431 95434->95432 95435 5e4c29 95434->95435 95435->95427 95435->95433 95518 5e4e90 LoadLibraryA 95436->95518 95441 5e4ef6 LoadLibraryExW 95526 5e4e59 LoadLibraryA 95441->95526 95442 623ccf 95443 5e4f39 68 API calls 95442->95443 95445 623cd6 95443->95445 95447 5e4e59 3 API calls 95445->95447 95449 623cde 95447->95449 95548 5e50f5 40 API calls __fread_nolock 95449->95548 95450 5e4f20 95450->95449 95451 5e4f2c 95450->95451 95453 5e4f39 68 API calls 95451->95453 95454 5e2ea5 95453->95454 95454->95354 95454->95355 95455 623cf5 95549 6528fe 27 API calls 95455->95549 95457 623d05 95458->95361 95459->95364 95460->95369 95461->95379 95462->95388 95463->95391 95464->95395 95465->95401 95466->95404 95467->95409 95468->95412 95469->95405 95470->95411 95471->95415 95472->95419 95473->95419 95474->95419 95475->95419 95477 652d15 95476->95477 95614 5e511f 64 API calls 95477->95614 95479 652d29 95615 652e66 75 API calls 95479->95615 95481 652d3b 95499 652d3f 95481->95499 95616 5e50f5 40 API calls __fread_nolock 95481->95616 95483 652d56 95617 5e50f5 40 API calls __fread_nolock 95483->95617 95485 652d66 95618 5e50f5 40 API calls __fread_nolock 95485->95618 95487 652d81 95619 5e50f5 40 API calls 
__fread_nolock 95487->95619 95489 652d9c 95620 5e511f 64 API calls 95489->95620 95491 652db3 95492 60ea0c ___std_exception_copy 21 API calls 95491->95492 95493 652dba 95492->95493 95494 60ea0c ___std_exception_copy 21 API calls 95493->95494 95495 652dc4 95494->95495 95621 5e50f5 40 API calls __fread_nolock 95495->95621 95497 652dd8 95622 6528fe 27 API calls 95497->95622 95499->95357 95500 652dee 95500->95499 95623 6522ce 95500->95623 95503 5e4f43 95502->95503 95505 5e4f4a 95502->95505 95504 60e678 67 API calls 95503->95504 95504->95505 95506 5e4f6a FreeLibrary 95505->95506 95507 5e4f59 95505->95507 95506->95507 95507->95358 95508->95371 95509->95375 95510->95381 95511->95385 95512->95390 95513->95396 95514->95399 95516 5eaec9 22 API calls 95515->95516 95517 5e4c78 95516->95517 95517->95425 95519 5e4ea8 GetProcAddress 95518->95519 95520 5e4ec6 95518->95520 95521 5e4eb8 95519->95521 95523 60e5eb 95520->95523 95521->95520 95522 5e4ebf FreeLibrary 95521->95522 95522->95520 95550 60e52a 95523->95550 95525 5e4eea 95525->95441 95525->95442 95527 5e4e6e GetProcAddress 95526->95527 95528 5e4e8d 95526->95528 95529 5e4e7e 95527->95529 95531 5e4f80 95528->95531 95529->95528 95530 5e4e86 FreeLibrary 95529->95530 95530->95528 95532 5ffe0b 22 API calls 95531->95532 95533 5e4f95 95532->95533 95534 5e5722 22 API calls 95533->95534 95535 5e4fa1 __fread_nolock 95534->95535 95536 5e50a5 95535->95536 95537 623d1d 95535->95537 95547 5e4fdc 95535->95547 95603 5e42a2 CreateStreamOnHGlobal 95536->95603 95611 65304d 74 API calls 95537->95611 95540 623d22 95612 5e511f 64 API calls 95540->95612 95543 623d45 95613 5e50f5 40 API calls __fread_nolock 95543->95613 95546 5e506e messages 95546->95450 95547->95540 95547->95546 95609 5e50f5 40 API calls __fread_nolock 95547->95609 95610 5e511f 64 API calls 95547->95610 95548->95455 95549->95457 95553 60e536 CallCatchBlock 95550->95553 95551 60e544 95575 60f2d9 20 API calls _abort 95551->95575 95553->95551 95555 60e574 95553->95555 95554 60e549 95576 
6127ec 26 API calls __fread_nolock 95554->95576 95557 60e586 95555->95557 95558 60e579 95555->95558 95567 618061 95557->95567 95577 60f2d9 20 API calls _abort 95558->95577 95561 60e58f 95562 60e5a2 95561->95562 95563 60e595 95561->95563 95579 60e5d4 LeaveCriticalSection __fread_nolock 95562->95579 95578 60f2d9 20 API calls _abort 95563->95578 95565 60e554 __fread_nolock 95565->95525 95568 61806d CallCatchBlock 95567->95568 95580 612f5e EnterCriticalSection 95568->95580 95570 61807b 95581 6180fb 95570->95581 95574 6180ac __fread_nolock 95574->95561 95575->95554 95576->95565 95577->95565 95578->95565 95579->95565 95580->95570 95589 61811e 95581->95589 95582 618177 95583 614c7d _abort 20 API calls 95582->95583 95584 618180 95583->95584 95599 6129c8 20 API calls _free 95584->95599 95587 618189 95593 618088 95587->95593 95600 613405 11 API calls 2 library calls 95587->95600 95589->95582 95589->95593 95597 60918d EnterCriticalSection 95589->95597 95598 6091a1 LeaveCriticalSection 95589->95598 95591 6181a8 95601 60918d EnterCriticalSection 95591->95601 95594 6180b7 95593->95594 95602 612fa6 LeaveCriticalSection 95594->95602 95596 6180be 95596->95574 95597->95589 95598->95589 95599->95587 95600->95591 95601->95593 95602->95596 95604 5e42bc FindResourceExW 95603->95604 95605 5e42d9 95603->95605 95604->95605 95606 6235ba LoadResource 95604->95606 95605->95547 95606->95605 95607 6235cf SizeofResource 95606->95607 95607->95605 95608 6235e3 LockResource 95607->95608 95608->95605 95609->95547 95610->95547 95611->95540 95612->95543 95613->95546 95614->95479 95615->95481 95616->95483 95617->95485 95618->95487 95619->95489 95620->95491 95621->95497 95622->95500 95624 6522d9 95623->95624 95625 6522e7 95623->95625 95626 60e5eb 29 API calls 95624->95626 95627 65232c 95625->95627 95628 60e5eb 29 API calls 95625->95628 95639 6522f0 95625->95639 95626->95625 95652 652557 40 API calls __fread_nolock 95627->95652 95629 652311 95628->95629 95629->95627 95631 65231a 95629->95631 95631->95639 
95660 60e678 95631->95660 95632 652370 95633 652395 95632->95633 95634 652374 95632->95634 95653 652171 95633->95653 95635 652381 95634->95635 95638 60e678 67 API calls 95634->95638 95635->95639 95641 60e678 67 API calls 95635->95641 95638->95635 95639->95499 95640 65239d 95642 6523c3 95640->95642 95645 6523a3 95640->95645 95641->95639 95673 6523f3 74 API calls 95642->95673 95644 6523b0 95644->95639 95647 60e678 67 API calls 95644->95647 95645->95644 95646 60e678 67 API calls 95645->95646 95646->95644 95647->95639 95648 6523ca 95649 6523de 95648->95649 95650 60e678 67 API calls 95648->95650 95649->95639 95651 60e678 67 API calls 95649->95651 95650->95649 95651->95639 95652->95632 95654 60ea0c ___std_exception_copy 21 API calls 95653->95654 95655 65217f 95654->95655 95656 60ea0c ___std_exception_copy 21 API calls 95655->95656 95657 652190 95656->95657 95658 60ea0c ___std_exception_copy 21 API calls 95657->95658 95659 65219c 95658->95659 95659->95640 95661 60e684 CallCatchBlock 95660->95661 95662 60e695 95661->95662 95663 60e6aa 95661->95663 95691 60f2d9 20 API calls _abort 95662->95691 95672 60e6a5 __fread_nolock 95663->95672 95674 60918d EnterCriticalSection 95663->95674 95665 60e69a 95692 6127ec 26 API calls __fread_nolock 95665->95692 95668 60e6c6 95675 60e602 95668->95675 95670 60e6d1 95693 60e6ee LeaveCriticalSection __fread_nolock 95670->95693 95672->95639 95673->95648 95674->95668 95676 60e624 95675->95676 95677 60e60f 95675->95677 95684 60e61f 95676->95684 95694 60dc0b 95676->95694 95726 60f2d9 20 API calls _abort 95677->95726 95680 60e614 95727 6127ec 26 API calls __fread_nolock 95680->95727 95684->95670 95687 60e646 95711 61862f 95687->95711 95691->95665 95692->95672 95693->95672 95695 60dc1f 95694->95695 95696 60dc23 95694->95696 95700 614d7a 95695->95700 95696->95695 95697 60d955 __fread_nolock 26 API calls 95696->95697 95698 60dc43 95697->95698 95729 6159be 62 API calls 5 library calls 95698->95729 95701 614d90 95700->95701 95703 60e640 95700->95703 
95701->95703 95730 6129c8 20 API calls _free 95701->95730 95704 60d955 95703->95704 95705 60d961 95704->95705 95706 60d976 95704->95706 95731 60f2d9 20 API calls _abort 95705->95731 95706->95687 95708 60d966 95732 6127ec 26 API calls __fread_nolock 95708->95732 95710 60d971 95710->95687 95712 618653 95711->95712 95713 61863e 95711->95713 95714 61868e 95712->95714 95718 61867a 95712->95718 95736 60f2c6 20 API calls _abort 95713->95736 95738 60f2c6 20 API calls _abort 95714->95738 95717 618643 95737 60f2d9 20 API calls _abort 95717->95737 95733 618607 95718->95733 95719 618693 95739 60f2d9 20 API calls _abort 95719->95739 95723 60e64c 95723->95684 95728 6129c8 20 API calls _free 95723->95728 95724 61869b 95740 6127ec 26 API calls __fread_nolock 95724->95740 95726->95680 95727->95684 95728->95684 95729->95695 95730->95703 95731->95708 95732->95710 95741 618585 95733->95741 95735 61862b 95735->95723 95736->95717 95737->95723 95738->95719 95739->95724 95740->95723 95742 618591 CallCatchBlock 95741->95742 95752 615147 EnterCriticalSection 95742->95752 95744 61859f 95745 6185d1 95744->95745 95746 6185c6 95744->95746 95753 60f2d9 20 API calls _abort 95745->95753 95747 6186ae __wsopen_s 29 API calls 95746->95747 95749 6185cc 95747->95749 95754 6185fb LeaveCriticalSection __wsopen_s 95749->95754 95751 6185ee __fread_nolock 95751->95735 95752->95744 95753->95749 95754->95751 95755 5e1033 95760 5e4c91 95755->95760 95759 5e1042 95761 5ea961 22 API calls 95760->95761 95762 5e4cff 95761->95762 95768 5e3af0 95762->95768 95765 5e4d9c 95766 5e1038 95765->95766 95771 5e51f7 22 API calls __fread_nolock 95765->95771 95767 6000a3 29 API calls __onexit 95766->95767 95767->95759 95772 5e3b1c 95768->95772 95771->95765 95773 5e3b29 95772->95773 95774 5e3b0f 95772->95774 95773->95774 95775 5e3b30 RegOpenKeyExW 95773->95775 95774->95765 95775->95774 95776 5e3b4a RegQueryValueExW 95775->95776 95777 5e3b6b 95776->95777 95778 5e3b80 RegCloseKey 95776->95778 95777->95778 95778->95774 95779 5e1cad 

                                                                Control-flow Graph

                                                                APIs
                                                                • GetVersionExW.KERNEL32(?), ref: 005E430D
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • GetCurrentProcess.KERNEL32(?,0067CB64,00000000,?,?), ref: 005E4422
                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 005E4429
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 005E4454
                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 005E4466
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 005E4474
                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 005E447B
                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 005E44A0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                • API String ID: 3290436268-3101561225
                                                                • Opcode ID: 24937ed19702f929b80a7f563b3026ecc23dcc6fd55559186e9931d6c0edfa82
                                                                • Instruction ID: 5cb65155926873ff61b3fc0082a406ae2abecca53917b86f6bb85c08fadbd97b
                                                                • Opcode Fuzzy Hash: 24937ed19702f929b80a7f563b3026ecc23dcc6fd55559186e9931d6c0edfa82
                                                                • Instruction Fuzzy Hash: 77A1A3E191A7E0EFCB15C76978601D97FE77B27300B986AA9D0819BB61F32445C4CF21

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,005E50AA,?,?,00000000,00000000), ref: 005E42B2
                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,005E50AA,?,?,00000000,00000000), ref: 005E42C9
                                                                • LoadResource.KERNEL32(?,00000000,?,?,005E50AA,?,?,00000000,00000000,?,?,?,?,?,?,005E4F20), ref: 006235BE
                                                                • SizeofResource.KERNEL32(?,00000000,?,?,005E50AA,?,?,00000000,00000000,?,?,?,?,?,?,005E4F20), ref: 006235D3
                                                                • LockResource.KERNEL32(005E50AA,?,?,005E50AA,?,?,00000000,00000000,?,?,?,?,?,?,005E4F20,?), ref: 006235E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                • String ID: SCRIPT
                                                                • API String ID: 3051347437-3967369404
                                                                • Opcode ID: a08f016af2b7190d65674aa82800f431a7f28903de88e9d55b7e23b99919a7e0
                                                                • Instruction ID: 4fae39fee2a30c21df7936778e3de57568f3e70623a59005b6ac67affc923c64
                                                                • Opcode Fuzzy Hash: a08f016af2b7190d65674aa82800f431a7f28903de88e9d55b7e23b99919a7e0
                                                                • Instruction Fuzzy Hash: 6111ACB4200700BFD7298B66DC48F277BBAEBC5B61F10816DB51696260DB71D8008A20

                                                                Control-flow Graph

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 005E2B6B
                                                                  • Part of subcall function 005E3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,006B1418,?,005E2E7F,?,?,?,00000000), ref: 005E3A78
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,006A2224), ref: 00622C10
                                                                • ShellExecuteW.SHELL32(00000000,?,?,006A2224), ref: 00622C17
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                • String ID: runas
                                                                • API String ID: 448630720-4000483414
                                                                • Opcode ID: 77191844acd28670ee433e4a2b57d43ad3d917201750d084a69e87bbdfa880aa
                                                                • Instruction ID: ff8f676dad41bb193fdae41299614d6eff7bbd1889c3a3e98b27ff4cf964722b
                                                                • Opcode Fuzzy Hash: 77191844acd28670ee433e4a2b57d43ad3d917201750d084a69e87bbdfa880aa
                                                                • Instruction Fuzzy Hash: D211A5711083C26AC71CFF61D86D9AE7FAABBD5351F54182DF0C6170A2DF218A8AC712

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0064D501
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0064D50F
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0064D52F
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0064D5DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3243318325-0
                                                                • Opcode ID: 4bbd79181420c3dd7bfc61b0ffb7029a469bea64f2af652a461ed5473756cb23
                                                                • Instruction ID: adbdd860daf8e35e30004244bac3a16776e0b2317536cc42f9ae26d1b9b863d6
                                                                • Opcode Fuzzy Hash: 4bbd79181420c3dd7bfc61b0ffb7029a469bea64f2af652a461ed5473756cb23
                                                                • Instruction Fuzzy Hash: 6631B1311083419FD308EF64C885AAFBFE9FFD9354F50092DF585822A1EB719985CB92

                                                                Control-flow Graph

                                                                APIs
                                                                • lstrlenW.KERNEL32(?,00625222), ref: 0064DBCE
                                                                • GetFileAttributesW.KERNEL32(?), ref: 0064DBDD
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0064DBEE
                                                                • FindClose.KERNEL32(00000000), ref: 0064DBFA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                • String ID:
                                                                • API String ID: 2695905019-0
                                                                • Opcode ID: c33e0491d015a1ef8a099f5efe8b438a88fc5105cae18381fd69bf16864c57b7
                                                                • Instruction ID: 3f80ad721fc47e1f8939c957b280bebc3ae53d70b36cfe42cf02d0759bf5b623
                                                                • Opcode Fuzzy Hash: c33e0491d015a1ef8a099f5efe8b438a88fc5105cae18381fd69bf16864c57b7
                                                                • Instruction Fuzzy Hash: 05F0A07082091057C3256BB8AC4D8AA376E9F03374B50471AF83AC22E0EBB05AD58695
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(006128E9,?,00604CBE,006128E9,006A88B8,0000000C,00604E15,006128E9,00000002,00000000,?,006128E9), ref: 00604D09
                                                                • TerminateProcess.KERNEL32(00000000,?,00604CBE,006128E9,006A88B8,0000000C,00604E15,006128E9,00000002,00000000,?,006128E9), ref: 00604D10
                                                                • ExitProcess.KERNEL32 ref: 00604D22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 381d44176af761eb3dda8cd44c483985f2eec9d5846041dccf9a7bbb114cd0b2
                                                                • Instruction ID: 0a0e0fbd59ae6d1757a08f0b9d7039c9f0d1806f530175eddaddb3062c0c2de5
                                                                • Opcode Fuzzy Hash: 381d44176af761eb3dda8cd44c483985f2eec9d5846041dccf9a7bbb114cd0b2
                                                                • Instruction Fuzzy Hash: 29E0B671040648BBCF29AF54DD09A993B6BEF417A5B144018FD099A2B2DF35DD82CA84
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: BuffCharUpper
                                                                • String ID: p#k
                                                                • API String ID: 3964851224-3480846067
                                                                • Opcode ID: 987ab4e24ba671320cb28d8f6309879b46f3af86d405b00b717190b58a7b0bdd
                                                                • Instruction ID: 91ba25d99ca0f0ddf708fd2cb8b11775f44eb5fd310320703da7bfb3d1d7b516
                                                                • Opcode Fuzzy Hash: 987ab4e24ba671320cb28d8f6309879b46f3af86d405b00b717190b58a7b0bdd
                                                                • Instruction Fuzzy Hash: 7DA259706083419FD718CF29C494B6ABFE1BF89304F14896DE99A8B352D731EC46CB92
                                                                APIs
                                                                • GetInputState.USER32 ref: 005ED807
                                                                • timeGetTime.WINMM ref: 005EDA07
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005EDB28
                                                                • TranslateMessage.USER32(?), ref: 005EDB7B
                                                                • DispatchMessageW.USER32(?), ref: 005EDB89
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005EDB9F
                                                                • Sleep.KERNEL32(0000000A), ref: 005EDBB1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                • String ID:
                                                                • API String ID: 2189390790-0
                                                                • Opcode ID: 022c300f52a52a655c46880e9607deaef276c7bbb20c12371f158fda81c32710
                                                                • Instruction ID: dfcbb30ff3aec0cefdd5a18990b6121bf6e56b0b0a8b00f821e5d8e8b11d7958
                                                                • Opcode Fuzzy Hash: 022c300f52a52a655c46880e9607deaef276c7bbb20c12371f158fda81c32710
                                                                • Instruction Fuzzy Hash: 5542F570608382DFD728CF25C854BAABBF6BF86314F14465DE4958B391D774E884CBA2

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 005E2D07
                                                                • RegisterClassExW.USER32(00000030), ref: 005E2D31
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 005E2D42
                                                                • InitCommonControlsEx.COMCTL32(?), ref: 005E2D5F
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 005E2D6F
                                                                • LoadIconW.USER32(000000A9), ref: 005E2D85
                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 005E2D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                • API String ID: 2914291525-1005189915
                                                                • Opcode ID: 5d4f8aaa4bbcefa0ea72c0653c6a142bf2a608265eb5239e3e126b666961f037
                                                                • Instruction ID: 2ddf810a02e05a95464e5a8823613737103723aaa3ff8c05382e06aa072612d6
                                                                • Opcode Fuzzy Hash: 5d4f8aaa4bbcefa0ea72c0653c6a142bf2a608265eb5239e3e126b666961f037
                                                                • Instruction Fuzzy Hash: F32113B0901348AFDB04EFA4EC59BDDBBB6FB08711F10921AF615AA2A0D7B10580CF90

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 0062039A: CreateFileW.KERNEL32(00000000,00000000,?,00620704,?,?,00000000,?,00620704,00000000,0000000C), ref: 006203B7
                                                                • GetLastError.KERNEL32 ref: 0062076F
                                                                • __dosmaperr.LIBCMT ref: 00620776
                                                                • GetFileType.KERNEL32(00000000), ref: 00620782
                                                                • GetLastError.KERNEL32 ref: 0062078C
                                                                • __dosmaperr.LIBCMT ref: 00620795
                                                                • CloseHandle.KERNEL32(00000000), ref: 006207B5
                                                                • CloseHandle.KERNEL32(?), ref: 006208FF
                                                                • GetLastError.KERNEL32 ref: 00620931
                                                                • __dosmaperr.LIBCMT ref: 00620938
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175
                                                                • Opcode ID: ba2c689ff9175cad362a6d30b8b428c48adeb812ebbb57f2a28ddb653bd3205b
                                                                • Instruction ID: 89686cc03d466ad5e4d336636d93e473e26f60959343877b3629fb06bab6c228
                                                                • Opcode Fuzzy Hash: ba2c689ff9175cad362a6d30b8b428c48adeb812ebbb57f2a28ddb653bd3205b
                                                                • Instruction Fuzzy Hash: B9A12432A105188FEF19EF68E851BAE7BA2AB06320F14415DF8159F3D2D7319953CF91

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 005E3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,006B1418,?,005E2E7F,?,?,?,00000000), ref: 005E3A78
                                                                  • Part of subcall function 005E3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 005E3379
                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 005E356A
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0062318D
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006231CE
                                                                • RegCloseKey.ADVAPI32(?), ref: 00623210
                                                                • _wcslen.LIBCMT ref: 00623277
                                                                • _wcslen.LIBCMT ref: 00623286
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                • API String ID: 98802146-2727554177
                                                                • Opcode ID: 016f8999bcea15b3e888113c725f55ff8c408d0dc7d54ad3bb2956ee8ca7cbab
                                                                • Instruction ID: b582f6b8cca7c8b7421e4c42e30fb75f3a50ac6c7d5977c7d87e6e878585f892
                                                                • Opcode Fuzzy Hash: 016f8999bcea15b3e888113c725f55ff8c408d0dc7d54ad3bb2956ee8ca7cbab
                                                                • Instruction Fuzzy Hash: 7B71D7B14043529FC318EF25EC958ABBBEAFF85740F40592DF58587261EB349A88CB51

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 005E2B8E
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 005E2B9D
                                                                • LoadIconW.USER32(00000063), ref: 005E2BB3
                                                                • LoadIconW.USER32(000000A4), ref: 005E2BC5
                                                                • LoadIconW.USER32(000000A2), ref: 005E2BD7
                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 005E2BEF
                                                                • RegisterClassExW.USER32(?), ref: 005E2C40
                                                                  • Part of subcall function 005E2CD4: GetSysColorBrush.USER32(0000000F), ref: 005E2D07
                                                                  • Part of subcall function 005E2CD4: RegisterClassExW.USER32(00000030), ref: 005E2D31
                                                                  • Part of subcall function 005E2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 005E2D42
                                                                  • Part of subcall function 005E2CD4: InitCommonControlsEx.COMCTL32(?), ref: 005E2D5F
                                                                  • Part of subcall function 005E2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 005E2D6F
                                                                  • Part of subcall function 005E2CD4: LoadIconW.USER32(000000A9), ref: 005E2D85
                                                                  • Part of subcall function 005E2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 005E2D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                • String ID: #$0$AutoIt v3
                                                                • API String ID: 423443420-4155596026
                                                                • Opcode ID: 7065a70de7adb5177d020c06abc64803e54d1c456807c1a1c1b2071c21ce7c13
                                                                • Instruction ID: ed5745a3a8ad1110119e7960bd0c714138fb2a2c02d4f16afc98e9ae20a07852
                                                                • Opcode Fuzzy Hash: 7065a70de7adb5177d020c06abc64803e54d1c456807c1a1c1b2071c21ce7c13
                                                                • Instruction Fuzzy Hash: 91217FB1E10314BBDB149FA5EC65A9D7FF6FB49B50F50111AE604AA2A0E7B10A80CF90

                                                                Control-flow Graph

                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,005E316A,?,?), ref: 005E31D8
                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,005E316A,?,?), ref: 005E3204
                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 005E3227
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,005E316A,?,?), ref: 005E3232
                                                                • CreatePopupMenu.USER32 ref: 005E3246
                                                                • PostQuitMessage.USER32(00000000), ref: 005E3267
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                • String ID: TaskbarCreated
                                                                • API String ID: 129472671-2362178303
                                                                • Opcode ID: a281faf50cefe48e70eece56d5f065a031e390d9b98c4d838813cbbe314c5e8a
                                                                • Instruction ID: 8b475ed404ae095d7c1e7917e2905e8c1f6ce6ddec0687713bcade4531b12ad4
                                                                • Opcode Fuzzy Hash: a281faf50cefe48e70eece56d5f065a031e390d9b98c4d838813cbbe314c5e8a
                                                                • Instruction Fuzzy Hash: DD4126B5204285BBDB1C1B29DC3DBB93E57FB42350F44152DF6C58B2A1DA618A80D761

                                                                Control-flow Graph

                                                                APIs
                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 005E1459
                                                                • OleUninitialize.OLE32(?,00000000), ref: 005E14F8
                                                                • UnregisterHotKey.USER32(?), ref: 005E16DD
                                                                • DestroyWindow.USER32(?), ref: 006224B9
                                                                • FreeLibrary.KERNEL32(?), ref: 0062251E
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0062254B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                • String ID: close all
                                                                • API String ID: 469580280-3243417748
                                                                • Opcode ID: 3987e2af8df8532447ab311a0cb4adbc0583015abb8c6c7370e63cf96c214425
                                                                • Instruction ID: 364afff17c668e7384697e85576a6739c58bb5b8dd717a36aa8aa8252a3bf04b
                                                                • Opcode Fuzzy Hash: 3987e2af8df8532447ab311a0cb4adbc0583015abb8c6c7370e63cf96c214425
                                                                • Instruction Fuzzy Hash: EDD1AD31701663DFCB29EF15D4A8A69FBA2BF44700F1481ADE58AAB351CB30AD52CF54

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 648 5e2c63-5e2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                APIs
                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 005E2C91
                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 005E2CB2
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,005E1CAD,?), ref: 005E2CC6
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,005E1CAD,?), ref: 005E2CCF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$CreateShow
                                                                • String ID: AutoIt v3$edit
                                                                • API String ID: 1584632944-3779509399
                                                                • Opcode ID: 725caae75e5da0114089c33fecf1760b92bd63bc0a5bce52aa52037e600ffe65
                                                                • Instruction ID: 2959680de7cd0992e60be546ad5e147a4448514aa7e703f8782b3841e84e709e
                                                                • Opcode Fuzzy Hash: 725caae75e5da0114089c33fecf1760b92bd63bc0a5bce52aa52037e600ffe65
                                                                • Instruction Fuzzy Hash: 9CF030B55402907BE73007236C18E772EBFD7C7F60B54511DFA04D61A0D6610880DB70

                                                                Control-flow Graph

                                                                control_flow_graph 763 66ad64-66ad9c call 5ea961 call 602340 768 66add1-66add5 763->768 769 66ad9e-66adb5 call 5e7510 763->769 771 66add7-66adee call 5e7510 call 5e7620 768->771 772 66adf1-66adf5 768->772 769->768 780 66adb7-66adce call 5e7510 call 5e7620 769->780 771->772 773 66adf7-66ae0e call 5e7510 772->773 774 66ae3a 772->774 777 66ae3c-66ae40 773->777 789 66ae10-66ae21 call 5e9b47 773->789 774->777 781 66ae42-66ae50 call 5eb567 777->781 782 66ae53-66aeae call 602340 call 5e7510 ShellExecuteExW 777->782 780->768 781->782 800 66aeb7-66aeb9 782->800 801 66aeb0-66aeb6 call 5ffe14 782->801 789->774 799 66ae23-66ae2e call 5e7510 789->799 799->774 810 66ae30-66ae35 call 5ea8c7 799->810 805 66aec2-66aec6 800->805 806 66aebb-66aec1 call 5ffe14 800->806 801->800 807 66af0a-66af0e 805->807 808 66aec8-66aed6 805->808 806->805 814 66af10-66af19 807->814 815 66af1b-66af33 call 5ecfa0 807->815 812 66aedb-66aeeb 808->812 813 66aed8 808->813 810->774 818 66aef0-66af08 call 5ecfa0 812->818 819 66aeed 812->819 813->812 820 66af6d-66af7b call 5e988f 814->820 815->820 827 66af35-66af46 GetProcessId 815->827 818->820 819->818 828 66af4e-66af67 call 5ecfa0 CloseHandle 827->828 829 66af48 827->829 828->820 829->828
                                                                APIs
                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 0066AEA3
                                                                  • Part of subcall function 005E7620: _wcslen.LIBCMT ref: 005E7625
                                                                • GetProcessId.KERNEL32(00000000), ref: 0066AF38
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066AF67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                • String ID: <$@
                                                                • API String ID: 146682121-1426351568
                                                                • Opcode ID: b2bc6ff38d3579dcc295b7721db00339101ec4243316fc399c294396acfe4818
                                                                • Instruction ID: d817ce228236ce73a9a24fa1f4cdbffc72a35832acec63fc090f690cea4f7c54
                                                                • Opcode Fuzzy Hash: b2bc6ff38d3579dcc295b7721db00339101ec4243316fc399c294396acfe4818
                                                                • Instruction Fuzzy Hash: DC717870A0065ADFCB18DF95C488A9EBBF1BF48310F048499E856AB3A2D735ED41CF91

                                                                Control-flow Graph

                                                                control_flow_graph 1142 5e3b1c-5e3b27 1143 5e3b99-5e3b9b 1142->1143 1144 5e3b29-5e3b2e 1142->1144 1145 5e3b8c-5e3b8f 1143->1145 1144->1143 1146 5e3b30-5e3b48 RegOpenKeyExW 1144->1146 1146->1143 1147 5e3b4a-5e3b69 RegQueryValueExW 1146->1147 1148 5e3b6b-5e3b76 1147->1148 1149 5e3b80-5e3b8b RegCloseKey 1147->1149 1150 5e3b78-5e3b7a 1148->1150 1151 5e3b90-5e3b97 1148->1151 1149->1145 1152 5e3b7e 1150->1152 1151->1152 1152->1149
                                                                APIs
                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,005E3B0F,SwapMouseButtons,00000004,?), ref: 005E3B40
                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,005E3B0F,SwapMouseButtons,00000004,?), ref: 005E3B61
                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,005E3B0F,SwapMouseButtons,00000004,?), ref: 005E3B83
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: Control Panel\Mouse
                                                                • API String ID: 3677997916-824357125
                                                                • Opcode ID: afd7c1ae819ac8f79f8cf12459a95b33585bfdbcf154a367df9374eff396d959
                                                                • Instruction ID: 564ac1109c731db291cbce420af13b0e000834e0b3d92ba583ad6034ba2da02d
                                                                • Opcode Fuzzy Hash: afd7c1ae819ac8f79f8cf12459a95b33585bfdbcf154a367df9374eff396d959
                                                                • Instruction Fuzzy Hash: 0E112AB5510248FFDB24CFA6DC48AAEBBBCFF44754B104959E846D7110E2319E4097A0
                                                                APIs
                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006233A2
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 005E3A04
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                • String ID: Line:
                                                                • API String ID: 2289894680-1585850449
                                                                • Opcode ID: 8a0ec7f933907d9d5b454ccf5af261adf7b5f1366b91532efebb7dcc0b7d6098
                                                                • Instruction ID: 56d2bdfeaa53707518870b674bab0b25ce447e1b24052eef88f25415e4544edd
                                                                • Opcode Fuzzy Hash: 8a0ec7f933907d9d5b454ccf5af261adf7b5f1366b91532efebb7dcc0b7d6098
                                                                • Instruction Fuzzy Hash: 8531E6B1408395AAC328EB11DC49BDB7BD9BF85750F10492EF5D983191EB749684C7C2
                                                                APIs
                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00622C8C
                                                                  • Part of subcall function 005E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,005E3A97,?,?,005E2E7F,?,?,?,00000000), ref: 005E3AC2
                                                                  • Part of subcall function 005E2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 005E2DC4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Name$Path$FileFullLongOpen
                                                                • String ID: X$`ej
                                                                • API String ID: 779396738-472619002
                                                                • Opcode ID: fde6b00084f32d85f41655beb9acce1642eca91ca73cdce5e88672396169d726
                                                                • Instruction ID: a6983def089c66f4fd9a497a65d2825f07a6b194cfc6ef5993c4201fbccb1124
                                                                • Opcode Fuzzy Hash: fde6b00084f32d85f41655beb9acce1642eca91ca73cdce5e88672396169d726
                                                                • Instruction Fuzzy Hash: C621D870E00298AFCB45EF95C809BEE7FFDAF49304F048059F445A7241DBB459898F61
                                                                APIs
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00600668
                                                                  • Part of subcall function 006032A4: RaiseException.KERNEL32(?,?,?,0060068A,?,006B1444,?,?,?,?,?,?,0060068A,005E1129,006A8738,005E1129), ref: 00603304
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00600685
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                • String ID: Unknown exception
                                                                • API String ID: 3476068407-410509341
                                                                • Opcode ID: e2a54ed1939314aa490cc948ed513ab4d77c680ecf9d6d29d220515796e40a5b
                                                                • Instruction ID: 54cf10a150794c2847500b582084eecdabb1898b2bc960525a49a56adb0d1517
                                                                • Opcode Fuzzy Hash: e2a54ed1939314aa490cc948ed513ab4d77c680ecf9d6d29d220515796e40a5b
                                                                • Instruction Fuzzy Hash: 7CF0FC3494020D77DB08B664DC46D9F7B6FAE00350F604535B914D6AD1EF72DB25CAC4
                                                                APIs
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 005E1BF4
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 005E1BFC
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 005E1C07
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 005E1C12
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 005E1C1A
                                                                  • Part of subcall function 005E1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 005E1C22
                                                                  • Part of subcall function 005E1B4A: RegisterWindowMessageW.USER32(00000004,?,005E12C4), ref: 005E1BA2
                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 005E136A
                                                                • OleInitialize.OLE32 ref: 005E1388
                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 006224AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                • String ID:
                                                                • API String ID: 1986988660-0
                                                                • Opcode ID: e1bae4a6e23a2caf142812b2112235de3a3a5252b20946ac497c39298b3b9438
                                                                • Instruction ID: 3fe766140fd046d3fc388d398f11792b3a0219c5934142e317184d0ad19d8ad6
                                                                • Opcode Fuzzy Hash: e1bae4a6e23a2caf142812b2112235de3a3a5252b20946ac497c39298b3b9438
                                                                • Instruction Fuzzy Hash: 8171D2F6911241AEC3A4DF7AA8796953FE3BB8A350794A32ED05ACF261E73044C18F54
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,006185CC,?,006A8CC8,0000000C), ref: 00618704
                                                                • GetLastError.KERNEL32(?,006185CC,?,006A8CC8,0000000C), ref: 0061870E
                                                                • __dosmaperr.LIBCMT ref: 00618739
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                • String ID:
                                                                • API String ID: 490808831-0
                                                                • Opcode ID: 0dababb6551989c7f8c0458817ab87980875e43277f06d7dba808af3b42cb1fd
                                                                • Instruction ID: 4be0ef869f520d3e2ac49807e6c8ed9f571ec024c40ba51cef4749b92a7d6781
                                                                • Opcode Fuzzy Hash: 0dababb6551989c7f8c0458817ab87980875e43277f06d7dba808af3b42cb1fd
                                                                • Instruction Fuzzy Hash: B701DB326056605ED6A4A33468457FE6B5B4BD1774F3D021EF8199B2D3EFA18CC181D4
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 005F17F6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: CALL
                                                                • API String ID: 1385522511-4196123274
                                                                • Opcode ID: dffe390ee7bbbe5cfe5bd8ac668b9d1691a1c5af92d34191393e38c14a5c784f
                                                                • Instruction ID: db9d6a6b26b49c250e08272f4467a8e73b68af78f2b3fd9731e3b6999f628160
                                                                • Opcode Fuzzy Hash: dffe390ee7bbbe5cfe5bd8ac668b9d1691a1c5af92d34191393e38c14a5c784f
                                                                • Instruction Fuzzy Hash: F0229B70608606DFC714DF14C484A3ABBF2BF85354F14892DF69A8B3A2D739E845CB96
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 005E3908
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                • Opcode ID: adb3e5c429e266fffc0beef562595b67847ae363a69aa3de503c7a17d3ec4d39
                                                                • Instruction ID: 0e42f9973f715a7c372e04c85ca7382a4ee4c891c55c8b08e9153165ffcfb94d
                                                                • Opcode Fuzzy Hash: adb3e5c429e266fffc0beef562595b67847ae363a69aa3de503c7a17d3ec4d39
                                                                • Instruction Fuzzy Hash: E331BFB16097419FD360DF25D8987A7BBE8FB49308F00092EF6D987240E771AA44CB52
                                                                APIs
                                                                  • Part of subcall function 005E4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,005E4EDD,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E9C
                                                                  • Part of subcall function 005E4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 005E4EAE
                                                                  • Part of subcall function 005E4E90: FreeLibrary.KERNEL32(00000000,?,?,005E4EDD,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4EC0
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4EFD
                                                                  • Part of subcall function 005E4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00623CDE,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E62
                                                                  • Part of subcall function 005E4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 005E4E74
                                                                  • Part of subcall function 005E4E59: FreeLibrary.KERNEL32(00000000,?,?,00623CDE,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E87
                                                                APIs
                                                                  • Part of subcall function 00614C7D: RtlAllocateHeap.NTDLL(00000008,005E1129,00000000,?,00612E29,00000001,00000364,?,?,?,0060F2DE,00613863,006B1444,?,005FFDF5,?), ref: 00614CBE
                                                                • _free.LIBCMT ref: 0061506C
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,005E1129,00000000,?,00612E29,00000001,00000364,?,?,?,0060F2DE,00613863,006B1444,?,005FFDF5,?), ref: 00614CBE
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6,?,005E1129), ref: 00613852
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4F6D
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 005E314E
                                                                APIs
                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 005E2DC4
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                APIs
                                                                  • Part of subcall function 005E3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 005E3908
                                                                  • Part of subcall function 005ED730: GetInputState.USER32 ref: 005ED807
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 005E2B6B
                                                                  • Part of subcall function 005E30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 005E314E
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00620704,?,?,00000000,?,00620704,00000000,0000000C), ref: 006203B7
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 005E1CBC
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0067961A
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0067965B
                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0067969F
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006796C9
                                                                • SendMessageW.USER32 ref: 006796F2
                                                                • GetKeyState.USER32(00000011), ref: 0067978B
                                                                • GetKeyState.USER32(00000009), ref: 00679798
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006797AE
                                                                • GetKeyState.USER32(00000010), ref: 006797B8
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006797E9
                                                                • SendMessageW.USER32 ref: 00679810
                                                                • SendMessageW.USER32(?,00001030,?,00677E95), ref: 00679918
                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0067992E
                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00679941
                                                                • SetCapture.USER32(?), ref: 0067994A
                                                                • ClientToScreen.USER32(?,?), ref: 006799AF
                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 006799BC
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006799D6
                                                                • ReleaseCapture.USER32 ref: 006799E1
                                                                • GetCursorPos.USER32(?), ref: 00679A19
                                                                • ScreenToClient.USER32(?,?), ref: 00679A26
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00679A80
                                                                • SendMessageW.USER32 ref: 00679AAE
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00679AEB
                                                                • SendMessageW.USER32 ref: 00679B1A
                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00679B3B
                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00679B4A
                                                                • GetCursorPos.USER32(?), ref: 00679B68
                                                                • ScreenToClient.USER32(?,?), ref: 00679B75
                                                                • GetParent.USER32(?), ref: 00679B93
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00679BFA
                                                                • SendMessageW.USER32 ref: 00679C2B
                                                                • ClientToScreen.USER32(?,?), ref: 00679C84
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00679CB4
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00679CDE
                                                                • SendMessageW.USER32 ref: 00679D01
                                                                • ClientToScreen.USER32(?,?), ref: 00679D4E
                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00679D82
                                                                  • Part of subcall function 005F9944: GetWindowLongW.USER32(?,000000EB), ref: 005F9952
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00679E05
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                • String ID: @GUI_DRAGID$F$p#k
                                                                • API String ID: 3429851547-828980573
                                                                • Opcode ID: 874436823d1b6fe73d95d5d8f49cb55e38712d3eae35d475077f7204788ec367
                                                                • Instruction ID: 2c5d4ca49392d51e282c64419d2d3884b1fea17db90924ba0b5e64f45b9baa39
                                                                • Opcode Fuzzy Hash: 874436823d1b6fe73d95d5d8f49cb55e38712d3eae35d475077f7204788ec367
                                                                • Instruction Fuzzy Hash: CE426D74204241AFE725DF24CC94AAABBE6FF49320F14861DF699872A1D731A891CF61
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 006748F3
                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00674908
                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00674927
                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0067494B
                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0067495C
                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0067497B
                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 006749AE
                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 006749D4
                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00674A0F
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00674A56
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00674A7E
                                                                • IsMenu.USER32(?), ref: 00674A97
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00674AF2
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00674B20
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00674B94
                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00674BE3
                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00674C82
                                                                • wsprintfW.USER32 ref: 00674CAE
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00674CC9
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00674CF1
                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00674D13
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00674D33
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00674D5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                • String ID: %d/%02d/%02d
                                                                • API String ID: 4054740463-328681919
                                                                • Opcode ID: 5f410ef5a214f06935e517d6584778f320922380a4e75865d5b06726ca71a0a1
                                                                • Instruction ID: 8502b05e1940a29cd84b0c6b317cfe1dcaee537cd0c8a10bb8e71738ddc05b0e
                                                                • Opcode Fuzzy Hash: 5f410ef5a214f06935e517d6584778f320922380a4e75865d5b06726ca71a0a1
                                                                • Instruction Fuzzy Hash: F812A171500259ABEB258F28CC4DFAE7BFAEF85710F108129F51ADB2E1DB789941CB50
                                                                APIs
                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 005FF998
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0063F474
                                                                • IsIconic.USER32(00000000), ref: 0063F47D
                                                                • ShowWindow.USER32(00000000,00000009), ref: 0063F48A
                                                                • SetForegroundWindow.USER32(00000000), ref: 0063F494
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0063F4AA
                                                                • GetCurrentThreadId.KERNEL32 ref: 0063F4B1
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0063F4BD
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0063F4CE
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0063F4D6
                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0063F4DE
                                                                • SetForegroundWindow.USER32(00000000), ref: 0063F4E1
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0063F4F6
                                                                • keybd_event.USER32(00000012,00000000), ref: 0063F501
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0063F50B
                                                                • keybd_event.USER32(00000012,00000000), ref: 0063F510
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0063F519
                                                                • keybd_event.USER32(00000012,00000000), ref: 0063F51E
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0063F528
                                                                • keybd_event.USER32(00000012,00000000), ref: 0063F52D
                                                                • SetForegroundWindow.USER32(00000000), ref: 0063F530
                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0063F557
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 4125248594-2988720461
                                                                • Opcode ID: 58cdf190b999a9899c63b6bed77f64114ce83b86bb5bc3a5aeb22220beaa77c3
                                                                • Instruction ID: c49ba8be927df1b791c8c5670acaa25448c47fd8c4ae127402db0e42de0232b7
                                                                • Opcode Fuzzy Hash: 58cdf190b999a9899c63b6bed77f64114ce83b86bb5bc3a5aeb22220beaa77c3
                                                                • Instruction Fuzzy Hash: 5A317471E40218BBFB246BB55C4AFBF7E6EEB44B60F101029F604EA1D1C6B15D50ABA0
                                                                APIs
                                                                  • Part of subcall function 006416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0064170D
                                                                  • Part of subcall function 006416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0064173A
                                                                  • Part of subcall function 006416C3: GetLastError.KERNEL32 ref: 0064174A
                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00641286
                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006412A8
                                                                • CloseHandle.KERNEL32(?), ref: 006412B9
                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006412D1
                                                                • GetProcessWindowStation.USER32 ref: 006412EA
                                                                • SetProcessWindowStation.USER32(00000000), ref: 006412F4
                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00641310
                                                                  • Part of subcall function 006410BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006411FC), ref: 006410D4
                                                                  • Part of subcall function 006410BF: CloseHandle.KERNEL32(?,?,006411FC), ref: 006410E9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                • String ID: $default$winsta0$Zj
                                                                • API String ID: 22674027-1588436954
                                                                • Opcode ID: a12e6189f7f28883fa36ff3007a4bc82a4308b755c98729241815819931d0c2e
                                                                • Instruction ID: f2c6a26c1b7052023ad15199f0001ee6567e097f05aeb86b2dcdae8b7152c080
                                                                • Opcode Fuzzy Hash: a12e6189f7f28883fa36ff3007a4bc82a4308b755c98729241815819931d0c2e
                                                                • Instruction Fuzzy Hash: 3081CF71900209AFDF259FA4DC49FEE7BBAEF05710F14412DFA15BA2A0D7319984CB60
                                                                APIs
                                                                  • Part of subcall function 006410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00641114
                                                                  • Part of subcall function 006410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641120
                                                                  • Part of subcall function 006410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 0064112F
                                                                  • Part of subcall function 006410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641136
                                                                  • Part of subcall function 006410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0064114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00640BCC
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00640C00
                                                                • GetLengthSid.ADVAPI32(?), ref: 00640C17
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00640C51
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00640C6D
                                                                • GetLengthSid.ADVAPI32(?), ref: 00640C84
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00640C8C
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00640C93
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00640CB4
                                                                • CopySid.ADVAPI32(00000000), ref: 00640CBB
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00640CEA
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00640D0C
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00640D1E
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640D45
                                                                • HeapFree.KERNEL32(00000000), ref: 00640D4C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640D55
                                                                • HeapFree.KERNEL32(00000000), ref: 00640D5C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640D65
                                                                • HeapFree.KERNEL32(00000000), ref: 00640D6C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00640D78
                                                                • HeapFree.KERNEL32(00000000), ref: 00640D7F
                                                                  • Part of subcall function 00641193: GetProcessHeap.KERNEL32(00000008,00640BB1,?,00000000,?,00640BB1,?), ref: 006411A1
                                                                  • Part of subcall function 00641193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00640BB1,?), ref: 006411A8
                                                                  • Part of subcall function 00641193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00640BB1,?), ref: 006411B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: 3639690636caedc9cd4bbe6d87503bb733c578904ab308c47b569a3ff47c17d8
                                                                • Instruction ID: 9222cc7a47253a124b94befda8ddd9ad14798b018d4a9a9fa293dd34de92158b
                                                                • Opcode Fuzzy Hash: 3639690636caedc9cd4bbe6d87503bb733c578904ab308c47b569a3ff47c17d8
                                                                • Instruction Fuzzy Hash: D071507190021AEBEF14DFE4DC44FEEBBBABF48310F044529EA15A7251D771A945CBA0
                                                                APIs
                                                                • OpenClipboard.USER32(0067CC08), ref: 0065EB29
                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0065EB37
                                                                • GetClipboardData.USER32(0000000D), ref: 0065EB43
                                                                • CloseClipboard.USER32 ref: 0065EB4F
                                                                • GlobalLock.KERNEL32(00000000), ref: 0065EB87
                                                                • CloseClipboard.USER32 ref: 0065EB91
                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0065EBBC
                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0065EBC9
                                                                • GetClipboardData.USER32(00000001), ref: 0065EBD1
                                                                • GlobalLock.KERNEL32(00000000), ref: 0065EBE2
                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 0065EC22
                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 0065EC38
                                                                • GetClipboardData.USER32(0000000F), ref: 0065EC44
                                                                • GlobalLock.KERNEL32(00000000), ref: 0065EC55
                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0065EC77
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0065EC94
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0065ECD2
                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0065ECF3
                                                                • CountClipboardFormats.USER32 ref: 0065ED14
                                                                • CloseClipboard.USER32 ref: 0065ED59
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                • String ID:
                                                                • API String ID: 420908878-0
                                                                • Opcode ID: 7aef2a459a3bf1a176777a1e879bd310d99c46f7f2fe26b14ae2f0b9545affd1
                                                                • Instruction ID: 253a5e72a90eb260f3a554552c35097f4ce53b50abcab41fdf99946c5831f858
                                                                • Opcode Fuzzy Hash: 7aef2a459a3bf1a176777a1e879bd310d99c46f7f2fe26b14ae2f0b9545affd1
                                                                • Instruction Fuzzy Hash: FA61E5342043429FD708EF20C888F6A7BA6FF84755F14555DF89A872A2CB32DE49CB61
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 006569BE
                                                                • FindClose.KERNEL32(00000000), ref: 00656A12
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00656A4E
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00656A75
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00656AB2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00656ADF
                                                                Strings
                                                                Similarity
                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                • API String ID: 3830820486-3289030164
                                                                • Opcode ID: 61524afe4dd2b90eff7aff1a3cc52584aafefd878f518daae11ec8fa3b9f3b6a
                                                                • Instruction ID: 3d2b4f85732f3db8423d472ddde7ec67adb08dd882d686f80ab9f8b2845c651f
                                                                • Opcode Fuzzy Hash: 61524afe4dd2b90eff7aff1a3cc52584aafefd878f518daae11ec8fa3b9f3b6a
                                                                • Instruction Fuzzy Hash: 4FD16071508341AEC314EB61C885EAFBBEDBF98704F44491DF999C7291EB34DA48CB62
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00659663
                                                                • GetFileAttributesW.KERNEL32(?), ref: 006596A1
                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 006596BB
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 006596D3
                                                                • FindClose.KERNEL32(00000000), ref: 006596DE
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 006596FA
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0065974A
                                                                • SetCurrentDirectoryW.KERNEL32(006A6B7C), ref: 00659768
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00659772
                                                                • FindClose.KERNEL32(00000000), ref: 0065977F
                                                                • FindClose.KERNEL32(00000000), ref: 0065978F
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                • String ID: *.*
                                                                • API String ID: 1409584000-438819550
                                                                • Opcode ID: 2630b5890433ff8bb2c0df49d24fd269e94f35fd7c2b520d1863e710e831f3ea
                                                                • Instruction ID: 4d902f0ce25b3a27e56efcb5ef7db5bee842c252b908e7161a58c35aa3d4caba
                                                                • Opcode Fuzzy Hash: 2630b5890433ff8bb2c0df49d24fd269e94f35fd7c2b520d1863e710e831f3ea
                                                                • Instruction Fuzzy Hash: DE31B532541619AEDF18AFB4DC49ADE77AE9F09321F14415AF819E2190DB30DE88CE24
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 006597BE
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00659819
                                                                • FindClose.KERNEL32(00000000), ref: 00659824
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00659840
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00659890
                                                                • SetCurrentDirectoryW.KERNEL32(006A6B7C), ref: 006598AE
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 006598B8
                                                                • FindClose.KERNEL32(00000000), ref: 006598C5
                                                                • FindClose.KERNEL32(00000000), ref: 006598D5
                                                                  • Part of subcall function 0064DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0064DB00
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                • String ID: *.*
                                                                • API String ID: 2640511053-438819550
                                                                • Opcode ID: b24357d22f73a138f8d6bd4d28d6dc54e0f9c3d907c7ddcf94a456c2ed873d66
                                                                • Instruction ID: 7d1cacb8f5b31d121da33970375b5b1d6dbc14b422058fb45b42acf8dcaeb8c0
                                                                • Opcode Fuzzy Hash: b24357d22f73a138f8d6bd4d28d6dc54e0f9c3d907c7ddcf94a456c2ed873d66
                                                                • Instruction Fuzzy Hash: 4031C131541219AEDB14AFB4EC48ADE77AE9F06331F14456AF814A22D1DB30DE898F34
                                                                APIs
                                                                  • Part of subcall function 0066C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0066B6AE,?,?), ref: 0066C9B5
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066C9F1
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA68
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066BF3E
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0066BFA9
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066BFCD
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0066C02C
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0066C0E7
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0066C154
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0066C1E9
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0066C23A
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0066C2E3
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0066C382
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066C38F
                                                                Similarity
                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 3102970594-0
                                                                • Opcode ID: 4025d61dbff2f1f41ffeee0b1766d135782719575d371f013d98c9ed9cf6a7b1
                                                                • Instruction ID: 779e9065598571d44ff4e82398343267ec3a9f8ab300ef17a79341e939444952
                                                                • Opcode Fuzzy Hash: 4025d61dbff2f1f41ffeee0b1766d135782719575d371f013d98c9ed9cf6a7b1
                                                                • Instruction Fuzzy Hash: 53025D706046419FC714CF24C895E2ABBE5BF89314F18849DF88ADB3A2D731ED46CB91
                                                                APIs
                                                                • GetLocalTime.KERNEL32(?), ref: 00658257
                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00658267
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00658273
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00658310
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00658324
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00658356
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0065838C
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00658395
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                • String ID: *.*
                                                                • API String ID: 1464919966-438819550
                                                                • Opcode ID: 106ae4c2e2620c5427259dc5974428693d94eb7db133721eb31617374b2b84e1
                                                                • Instruction ID: e61195a678700996ace16fef09a4090857f54d7eda8bfa040ff131e331f15a1d
                                                                • Opcode Fuzzy Hash: 106ae4c2e2620c5427259dc5974428693d94eb7db133721eb31617374b2b84e1
                                                                • Instruction Fuzzy Hash: C46189725043459FCB14EF60C8449AFB7EAFF89311F04881EF99997251EB31EA49CB92
                                                                APIs
                                                                  • Part of subcall function 005E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,005E3A97,?,?,005E2E7F,?,?,?,00000000), ref: 005E3AC2
                                                                  • Part of subcall function 0064E199: GetFileAttributesW.KERNEL32(?,0064CF95), ref: 0064E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0064D122
                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0064D1DD
                                                                • MoveFileW.KERNEL32(?,?), ref: 0064D1F0
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0064D20D
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0064D237
                                                                  • Part of subcall function 0064D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0064D21C,?,?), ref: 0064D2B2
                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 0064D253
                                                                • FindClose.KERNEL32(00000000), ref: 0064D264
                                                                Strings
                                                                Similarity
                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 1946585618-1173974218
                                                                • Opcode ID: d81d7e9e99233db45aee69df60f8d0aa6c06fa08fbcae745e616148281297eed
                                                                • Instruction ID: d01d865eed7c769c762d0e96e558d31ff7c0c789984ea8e0aa4f73483ec94b2e
                                                                • Opcode Fuzzy Hash: d81d7e9e99233db45aee69df60f8d0aa6c06fa08fbcae745e616148281297eed
                                                                • Instruction Fuzzy Hash: E1618E31C0514E9BCF19EBE1C9969EEBBB6BF95300F204069E445771A2EB316F49CB60
                                                                APIs
                                                                Similarity
                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                • String ID:
                                                                • API String ID: 1737998785-0
                                                                • Opcode ID: b8e397a952cb339b28119c8bf4efb03352d7dbea200631202dc286f4b496b9a8
                                                                • Instruction ID: 018c0c958585259f46a927d14bfba391d680b52a8d1eeabba23fd15130e409f1
                                                                • Opcode Fuzzy Hash: b8e397a952cb339b28119c8bf4efb03352d7dbea200631202dc286f4b496b9a8
                                                                • Instruction Fuzzy Hash: 9241E330204611AFDB18CF15D889B59BBE2FF44329F14C09DE8298B762C736ED82CB80
                                                                APIs
                                                                  • Part of subcall function 006416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0064170D
                                                                  • Part of subcall function 006416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0064173A
                                                                  • Part of subcall function 006416C3: GetLastError.KERNEL32 ref: 0064174A
                                                                • ExitWindowsEx.USER32(?,00000000), ref: 0064E932
                                                                Strings
                                                                Similarity
                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                • API String ID: 2234035333-3163812486
                                                                • Opcode ID: 14b14430fa06db3c5a7af5c63d3b2a79b89379c11679b6f10431cdf0d3aecb15
                                                                • Instruction ID: 16e1595898303a5bcd04bb3217e408b5b9adc66ef3e59c7ee0e8fea7da7fde74
                                                                • Opcode Fuzzy Hash: 14b14430fa06db3c5a7af5c63d3b2a79b89379c11679b6f10431cdf0d3aecb15
                                                                • Instruction Fuzzy Hash: 7B01F973610211AFEB6466B49C86FFF729EB714751F151825FD13E22D2D6A25C8082E4
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00661276
                                                                • WSAGetLastError.WSOCK32 ref: 00661283
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 006612BA
                                                                • WSAGetLastError.WSOCK32 ref: 006612C5
                                                                • closesocket.WSOCK32(00000000), ref: 006612F4
                                                                • listen.WSOCK32(00000000,00000005), ref: 00661303
                                                                • WSAGetLastError.WSOCK32 ref: 0066130D
                                                                • closesocket.WSOCK32(00000000), ref: 0066133C
                                                                Similarity
                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                • String ID:
                                                                • API String ID: 540024437-0
                                                                • Opcode ID: bef2eea29aaba7057b71d62d0b2a7ce52897ef1fed11c129ddcb82c32b691b40
                                                                • Instruction ID: 4df2497bea3f833e151461c9e8f8b4405cdcb7a04a845948ce44bb201d30e355
                                                                • Opcode Fuzzy Hash: bef2eea29aaba7057b71d62d0b2a7ce52897ef1fed11c129ddcb82c32b691b40
                                                                • Instruction Fuzzy Hash: 27416F31A001419FD714DF64C498B6ABBE6BF86328F1C819CD8569F396C771ED82CBA1
                                                                APIs
                                                                • _free.LIBCMT ref: 0061B9D4
                                                                • _free.LIBCMT ref: 0061B9F8
                                                                • _free.LIBCMT ref: 0061BB7F
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00683700), ref: 0061BB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,006B121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0061BC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,006B1270,000000FF,?,0000003F,00000000,?), ref: 0061BC36
                                                                • _free.LIBCMT ref: 0061BD4B
                                                                Similarity
                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                • String ID:
                                                                • API String ID: 314583886-0
                                                                • Opcode ID: 9e1b6dbc4f1d917add39e1b2e4e5f20cf5c12d7ea089047680e85b511901b18a
                                                                • Instruction ID: ff91e2800e1484de4349751ee2db9dd706106a0c5b8256b8bc75428678d1ee0e
                                                                • Opcode Fuzzy Hash: 9e1b6dbc4f1d917add39e1b2e4e5f20cf5c12d7ea089047680e85b511901b18a
                                                                • Instruction Fuzzy Hash: 79C12771904205AFCB249F69D851AEA7BBBEF42310F1C619EE490DB351DB309EC28B94
                                                                APIs
                                                                  • Part of subcall function 005E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,005E3A97,?,?,005E2E7F,?,?,?,00000000), ref: 005E3AC2
                                                                  • Part of subcall function 0064E199: GetFileAttributesW.KERNEL32(?,0064CF95), ref: 0064E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0064D420
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0064D470
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0064D481
                                                                • FindClose.KERNEL32(00000000), ref: 0064D498
                                                                • FindClose.KERNEL32(00000000), ref: 0064D4A1
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 2649000838-1173974218
                                                                • Opcode ID: 4d635e2390e09632c5a2c52a5ebdb9811b2924b89c763eaaebffbf58bfdbeb67
                                                                • Instruction ID: 22ef79de3878e2dc9913024521a71a792f35f5562f5720ba4b1441f9fc3052d4
                                                                • Opcode Fuzzy Hash: 4d635e2390e09632c5a2c52a5ebdb9811b2924b89c763eaaebffbf58bfdbeb67
                                                                • Instruction Fuzzy Hash: E63170314083829BC308EF65C8558AF7BE9BED5314F444E1DF4D5932A1EB20AA49CB63
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                • Opcode ID: ac2b2f96103a44d4bddda5ca6d04fd31b04d442125afb8124e28c3f6a5f18a43
                                                                • Instruction ID: 0bcb0b891b8d63ca2755fbfbc4fa92b258759573225e9ae9ff72f2041b21797f
                                                                • Opcode Fuzzy Hash: ac2b2f96103a44d4bddda5ca6d04fd31b04d442125afb8124e28c3f6a5f18a43
                                                                • Instruction Fuzzy Hash: F2C23B71E046298FDB65CF289D407EAB7B6EB44305F1841EAD84DE7281E775AEC18F40
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 006564DC
                                                                • CoInitialize.OLE32(00000000), ref: 00656639
                                                                • CoCreateInstance.OLE32(0067FCF8,00000000,00000001,0067FB68,?), ref: 00656650
                                                                • CoUninitialize.OLE32 ref: 006568D4
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 886957087-24824748
                                                                • Opcode ID: 048a90f170f1f89e15e543fa458108518153311aee94524533bd76af8dd45356
                                                                • Instruction ID: f2329dc14018c29a49314ba794d4b7c2ed04184bbdbc55c31bc0d39ff6ab48c5
                                                                • Opcode Fuzzy Hash: 048a90f170f1f89e15e543fa458108518153311aee94524533bd76af8dd45356
                                                                • Instruction Fuzzy Hash: 2AD169715082419FC314EF24C8859ABBBE9FFD8304F40496DF5958B2A1EB30EE49CB92
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 006622E8
                                                                  • Part of subcall function 0065E4EC: GetWindowRect.USER32(?,?), ref: 0065E504
                                                                • GetDesktopWindow.USER32 ref: 00662312
                                                                • GetWindowRect.USER32(00000000), ref: 00662319
                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00662355
                                                                • GetCursorPos.USER32(?), ref: 00662381
                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006623DF
                                                                Similarity
                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                • String ID:
                                                                • API String ID: 2387181109-0
                                                                • Opcode ID: 0f05ed118ec4a232c5385f1ac42f53c83b41379948ada350f03c43fe546c2acf
                                                                • Instruction ID: 93d9971710887c5ee1badf0a662f334a09a8ef4d251a86cff15e6c001f9c6dfd
                                                                • Opcode Fuzzy Hash: 0f05ed118ec4a232c5385f1ac42f53c83b41379948ada350f03c43fe546c2acf
                                                                • Instruction Fuzzy Hash: 6131E272505716AFD724DF54C845B9BBBAAFF84320F00091DF989A7281DB35EA48CB92
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00659B78
                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00659C8B
                                                                  • Part of subcall function 00653874: GetInputState.USER32 ref: 006538CB
                                                                  • Part of subcall function 00653874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00653966
                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00659BA8
                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00659C75
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                • String ID: *.*
                                                                • API String ID: 1972594611-438819550
                                                                • Opcode ID: 3a0c6ec318993ac64b191d4f12107474b01546f9a1da684fc6184f2d60e681ee
                                                                • Instruction ID: e5c6f7fc03d9f4852815d1d16e1240e267ebfc9a80ed81ef5844e217e2733e5c
                                                                • Opcode Fuzzy Hash: 3a0c6ec318993ac64b191d4f12107474b01546f9a1da684fc6184f2d60e681ee
                                                                • Instruction Fuzzy Hash: 3941517190420ADFDF58DF64C849AEE7BBAFF45311F244159F805A2291EB309E89CF60
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 005F9A4E
                                                                • GetSysColor.USER32(0000000F), ref: 005F9B23
                                                                • SetBkColor.GDI32(?,00000000), ref: 005F9B36
                                                                Similarity
                                                                • API ID: Color$LongProcWindow
                                                                • String ID:
                                                                • API String ID: 3131106179-0
                                                                • Opcode ID: 99cdccadf115b3c42afe6bc076c04d83cc0610eebc402a13ac429beea06491cb
                                                                • Instruction ID: ece32333188b73f13ccf45392a048395943f461de088ee049823d34f6a306184
                                                                • Opcode Fuzzy Hash: 99cdccadf115b3c42afe6bc076c04d83cc0610eebc402a13ac429beea06491cb
                                                                • Instruction Fuzzy Hash: DEA121F0108848BFE738AA3C8C59FBB2D9FFB83350F154509F652C6695CA299D41D2B5
                                                                APIs
                                                                  • Part of subcall function 0066304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0066307A
                                                                  • Part of subcall function 0066304E: _wcslen.LIBCMT ref: 0066309B
                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0066185D
                                                                • WSAGetLastError.WSOCK32 ref: 00661884
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 006618DB
                                                                • WSAGetLastError.WSOCK32 ref: 006618E6
                                                                • closesocket.WSOCK32(00000000), ref: 00661915
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 1601658205-0
                                                                • Opcode ID: 10858f898bbc1a6bb722287a3ee05419be4819342666eaa0ab4c6d8cc62f610d
                                                                • Instruction ID: c996e8ca1333c438d9206a9d8ba1d94c3d9265711a27f6f9f63b45a40cbdbdfa
                                                                • Opcode Fuzzy Hash: 10858f898bbc1a6bb722287a3ee05419be4819342666eaa0ab4c6d8cc62f610d
                                                                • Instruction Fuzzy Hash: AF51C571A002009FDB14EF24C88AF6A7BE6AB85718F08845CF9555F3C3D775ED418BA1
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                • String ID:
                                                                • API String ID: 292994002-0
                                                                • Opcode ID: aec80efa3a512150eb34ea40dad0d3ab5ffeba6d316cc1a3f256b0e30faed3ec
                                                                • Instruction ID: 0f0ea23c1f888fcfa21030defa37a3255b6602d6547d729d3498133d1f3ae37f
                                                                • Opcode Fuzzy Hash: aec80efa3a512150eb34ea40dad0d3ab5ffeba6d316cc1a3f256b0e30faed3ec
                                                                • Instruction Fuzzy Hash: CF21B1317402015FD7258F6EC894B6A7BA6AF86324B19C05EE84E8F352CB75DC42CB90
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                • API String ID: 0-1546025612
                                                                • Opcode ID: 2801d17a98d5e6bdd08b2ea32f9bdfe1cc10ec1af87d4dfdafdbaf761bb2da53
                                                                • Instruction ID: 11181399345b301a2f2aabe61b4474477bd67ebddce57821283cd16191e57ca7
                                                                • Opcode Fuzzy Hash: 2801d17a98d5e6bdd08b2ea32f9bdfe1cc10ec1af87d4dfdafdbaf761bb2da53
                                                                • Instruction Fuzzy Hash: 5DA27E70A0066ACBDF28CF59D9407FDBBB2BB54314F24859AE85AA7385DB309D81CF50
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006482AA
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: ($tbj$|
                                                                • API String ID: 1659193697-2372207717
                                                                APIs
                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0064AAAC
                                                                • SetKeyboardState.USER32(00000080), ref: 0064AAC8
                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0064AB36
                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0064AB88
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 0065CE89
                                                                • GetLastError.KERNEL32(?,00000000), ref: 0065CEEA
                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 0065CEFE
                                                                Similarity
                                                                • API ID: ErrorEventFileInternetLastRead
                                                                • String ID:
                                                                • API String ID: 234945975-0
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00655CC1
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00655D17
                                                                • FindClose.KERNEL32(?), ref: 00655D5F
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 0061271A
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00612724
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00612731
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 006551DA
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00655238
                                                                • SetErrorMode.KERNEL32(00000000), ref: 006552A1
                                                                Similarity
                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1682464887-0
                                                                APIs
                                                                  • Part of subcall function 005FFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00600668
                                                                  • Part of subcall function 005FFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00600685
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0064170D
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0064173A
                                                                • GetLastError.KERNEL32 ref: 0064174A
                                                                Similarity
                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                • String ID:
                                                                • API String ID: 577356006-0
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0064D608
                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0064D645
                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0064D650
                                                                Similarity
                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                • String ID:
                                                                • API String ID: 33631002-0
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0064168C
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006416A1
                                                                • FreeSid.ADVAPI32(?), ref: 006416B1
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: /
                                                                • API String ID: 0-2043925204
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 0063D28C
                                                                Strings
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID: X64
                                                                • API String ID: 2645101109-893830106
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Variable is not of type 'Object'.$p#k
                                                                • API String ID: 0-2343768061
                                                                • Opcode ID: 2a243d8e15ebecd6247e7c578d3758ec3a14ccc917e57620f3697fc324343262
                                                                • Instruction ID: 41927a632a055bc58974f20d3de3b07698007801bac9cb3db7cf4d05e3437179
                                                                • Opcode Fuzzy Hash: 2a243d8e15ebecd6247e7c578d3758ec3a14ccc917e57620f3697fc324343262
                                                                • Instruction Fuzzy Hash: 9032AB70900259DFDF18DF91C995AEDBFBABF44304F204059E896AB282D735ED4ACB50
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00656918
                                                                • FindClose.KERNEL32(00000000), ref: 00656961
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 62d70a52914aac7f0f66f1fc7e6d990e460119a0625f0573ae663e7cd448d74a
                                                                • Instruction ID: b7931a13bff1fcdd8a1b927dd4dbfe1daa9e696325c258d1d5935f008b594595
                                                                • Opcode Fuzzy Hash: 62d70a52914aac7f0f66f1fc7e6d990e460119a0625f0573ae663e7cd448d74a
                                                                • Instruction Fuzzy Hash: 1F11AF316042019FC714CF29D488A16BBE1FF84329F44C699F8698B3A2CB30EC45CB91
                                                                APIs
                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00664891,?,?,00000035,?), ref: 006537E4
                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00664891,?,?,00000035,?), ref: 006537F4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID:
                                                                • API String ID: 3479602957-0
                                                                • Opcode ID: 7ce246d044b08ec84c041eb31447b5e92df5eee1870d8df55cec9a5190cd05b8
                                                                • Instruction ID: 5cf26298b4ef12b29245c71fdaabff443a548d95efa7cc492ca6178efbfd3ced
                                                                • Opcode Fuzzy Hash: 7ce246d044b08ec84c041eb31447b5e92df5eee1870d8df55cec9a5190cd05b8
                                                                • Instruction Fuzzy Hash: FBF0A7706043252AE71017765C4DFDB3A9FEFC5771F000165B509D2281D960594486B0
                                                                APIs
                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0064B25D
                                                                • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0064B270
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: InputSendkeybd_event
                                                                • String ID:
                                                                • API String ID: 3536248340-0
                                                                • Opcode ID: b18226d7a3635063d11bad732b0c5a4776bb523041484d63af562c95dc14fa64
                                                                • Instruction ID: 806ae0dcf35c06cd05e10fb9464001bb9a5245cb23af1938e01e3eaeda7afefc
                                                                • Opcode Fuzzy Hash: b18226d7a3635063d11bad732b0c5a4776bb523041484d63af562c95dc14fa64
                                                                • Instruction Fuzzy Hash: 0EF01D7180424EABDB059FA0C805BFE7BB5FF04315F009009F955A5191D7B9C6519F94
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006411FC), ref: 006410D4
                                                                • CloseHandle.KERNEL32(?,?,006411FC), ref: 006410E9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                • String ID:
                                                                • API String ID: 81990902-0
                                                                • Opcode ID: 350b543634d62900c2ce3dc6e1b846afb5ff79e0c76c809b6b3137846c43a211
                                                                • Instruction ID: 8a7c0da5c5da320c03cbf47464acd4763126154906b04f21fe4ebff26056aed9
                                                                • Opcode Fuzzy Hash: 350b543634d62900c2ce3dc6e1b846afb5ff79e0c76c809b6b3137846c43a211
                                                                • Instruction Fuzzy Hash: 7AE0BF72014611AEF7252B61FC09E777BAAFF04720B14882DF5A5844B1DB626CD0DB50
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00616766,?,?,00000008,?,?,0061FEFE,00000000), ref: 00616998
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                • Opcode ID: 0dda52b43f4f123a43a3f68aca3bde5b4c2db896d30fac350d1a907458b5bcea
                                                                • Instruction ID: f71397cfec9e4e16108660afe205f61f009fd5fbcc883c2a8eea388cc7f76c65
                                                                • Opcode Fuzzy Hash: 0dda52b43f4f123a43a3f68aca3bde5b4c2db896d30fac350d1a907458b5bcea
                                                                • Instruction Fuzzy Hash: 65B14B396106099FD715CF28C486BE57BE1FF45364F298658F89ACF2A2C335E992CB40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 8a9898f8e2676e52d6d83aabc7580a0f44725ff2d773ce1ad7aa1e1b10b6f4ba
                                                                • Instruction ID: b7a92bde5cf28003a7bb6a64466ae2eba638a02fae7e87b6831126f2eb737a0b
                                                                • Opcode Fuzzy Hash: 8a9898f8e2676e52d6d83aabc7580a0f44725ff2d773ce1ad7aa1e1b10b6f4ba
                                                                • Instruction Fuzzy Hash: E9124D71900229DFDF14CF58C9816FEBBB6FF48710F14819AE949EB255EB349A81CB90
                                                                APIs
                                                                • BlockInput.USER32(00000001), ref: 0065EABD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: BlockInput
                                                                • String ID:
                                                                • API String ID: 3456056419-0
                                                                • Opcode ID: eca9f20db209f54ffd180c67b5a6f3ba276fb506a11efb3dbc0d49b46b42d545
                                                                • Instruction ID: 09a0df82b9112cc12f06c47f515c3a05a1302faaa6ad209f70b0046bf1d61b4b
                                                                • Opcode Fuzzy Hash: eca9f20db209f54ffd180c67b5a6f3ba276fb506a11efb3dbc0d49b46b42d545
                                                                • Instruction Fuzzy Hash: A8E01A312002059FD714EF6AD848E9ABBEEBF98761F00841AFD4AC7351DA71E9458B90
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006003EE), ref: 006009DA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                • Opcode ID: a54c304c889e04c2e520d458d377545b77e5678e5d16035585115f7f199e0f8e
                                                                • Instruction ID: b7ff286092e50a4541089129221c75c503fb04c548906156d47f46dd29a29381
                                                                • Opcode Fuzzy Hash: a54c304c889e04c2e520d458d377545b77e5678e5d16035585115f7f199e0f8e
                                                                • Instruction Fuzzy Hash:
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction ID: 13494bc7800c11ea0913492aeccdc7bc7ed035c14d54938e5a74f044b3aa7faa
                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction Fuzzy Hash: FC515961FCC6455BDB3C8568885D7FF63879B52300F18852AD886D73C2CA15FE42D36A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0&k
                                                                • API String ID: 0-3264481142
                                                                • Opcode ID: 35cf5c283b6673ef2ba286b2d1c46d83ded76f024b050c01aefe5ac4f6f38886
                                                                • Instruction ID: 399d522470fb9255869d2aaccb39e9c2a1a70b4cdb228982d3d46e43fac3f13a
                                                                • Opcode Fuzzy Hash: 35cf5c283b6673ef2ba286b2d1c46d83ded76f024b050c01aefe5ac4f6f38886
                                                                • Instruction Fuzzy Hash: B921BB726615118BD72CCF79C8236BE73E6A754310F15862EE4A7C77D0DE35A944C740
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d4f61b558c71a5829259ea52b0cf25dfa2d7345998e1277cfcbb537052f18d4
                                                                • Instruction ID: bd4724d6720de67db9d93434d7071098a867e3779116591335fbf8a8a0f1cae1
                                                                • Opcode Fuzzy Hash: 1d4f61b558c71a5829259ea52b0cf25dfa2d7345998e1277cfcbb537052f18d4
                                                                • Instruction Fuzzy Hash: F7320331D29F014DD7239634D832375A69AAFB73C5F19D737E81AB5AA5EB29C4C34200
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b9575f44f9fb34fd672067777c0ed4126423ec66feb302f205dec4dfe883abbc
                                                                • Instruction ID: 21dfa1360da2c4b7bd1c0ef4907cf3d506a32e83d54e217211586c83d8ee217a
                                                                • Opcode Fuzzy Hash: b9575f44f9fb34fd672067777c0ed4126423ec66feb302f205dec4dfe883abbc
                                                                • Instruction Fuzzy Hash: 58320631A0015D8BCF24DB29C5946BD7FA3FF45320F28856AF95AAB391D634DD81DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e12c78705d63e0affc5d2bcdfa23c4356865b1207839771ad7239a6799f3d519
                                                                • Instruction ID: 6ab3332d3335d41ab2d0cc6a3ade7759f63c3f67306f4b0e197aa8da563abc6a
                                                                • Opcode Fuzzy Hash: e12c78705d63e0affc5d2bcdfa23c4356865b1207839771ad7239a6799f3d519
                                                                • Instruction Fuzzy Hash: 0622C070A04A5ADFDF18DF65D881AAEBBF6FF48300F104529E852A7291EB35AD11CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eed6fb587def6e53198a282640aa68a345444235fba65be8fc69947992136d1b
                                                                • Instruction ID: 4d1f439251f68b7108b8fcfa3b408f2d2501bae4d8641717b16e47de21a3c5dc
                                                                • Opcode Fuzzy Hash: eed6fb587def6e53198a282640aa68a345444235fba65be8fc69947992136d1b
                                                                • Instruction Fuzzy Hash: 0302D6B0E0061AEBDF04DF55D885AAEBBB2FF44300F108569E9569B391E731AE11CF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4a38073bc4e01d690bfec1a4fbd840091189e56dbee9735b92018dc5dbc4b1a9
                                                                • Instruction ID: 01537507779d5d5959b563531eb34a6b2fec578b50b56e5e99469810d048154a
                                                                • Opcode Fuzzy Hash: 4a38073bc4e01d690bfec1a4fbd840091189e56dbee9735b92018dc5dbc4b1a9
                                                                • Instruction Fuzzy Hash: FBB1F430D2AF905ED72396398831336B65D6FBB6D5F51E71BFC1674E22EB2185834240
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction ID: 645f0bf3a456bf455d1fc7ee922ffb0ed0d3cd90ae75c8af9a5908b279c20bce
                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction Fuzzy Hash: DD9157725880A34ADB2D463A85740BFFFE25E933A131A079DD4F2CE2C5FE14D955D620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction ID: e9609c0464459400b0b41f62ebbe71cc634709c9f98272ee0897c514cd67f4ca
                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction Fuzzy Hash: B49175726491A34ADB6D423A847807FFFE35E923A131A07DDD5F2CF2C5EE248554D620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction ID: aafea6beff6574688e2d08ea36c4f0ecead3608362a745056c5dd07a2b5ae2f2
                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction Fuzzy Hash: D59154726890A34ADB2D427A857407FFFE25A933A131A079DD4F2CE2C1FE14C655D620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bbe48bb53bee526dd4c78a07af0508160a38389adbf219fa0fecf5b45bce684a
                                                                • Instruction ID: 4a9ed6ab4ec003b5d0c2762183e313bf82b8bf4fa35802dd8179b525a136336b
                                                                • Opcode Fuzzy Hash: bbe48bb53bee526dd4c78a07af0508160a38389adbf219fa0fecf5b45bce684a
                                                                • Instruction Fuzzy Hash: 61612321FC87496AEA7C9D2889A5BFF3397DB51300F10091DE882CB3C1DB51BE428369
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b9c4ccb032dd30ec61fcb4a08400618765d79746e9c0e8eab4b86bedde211202
                                                                • Instruction ID: adefa82553dfde103bba0e343f4d7ce9fd3edb53a373af199a993a9ba78364ea
                                                                • Opcode Fuzzy Hash: b9c4ccb032dd30ec61fcb4a08400618765d79746e9c0e8eab4b86bedde211202
                                                                • Instruction Fuzzy Hash: 5E616971EC870966DE3C9A289855BFF2397EF42704F10095DE982DB3C1EA52FD428359
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction ID: 95781a0f35a8c7fb11fdbed5ce78265a8abd8701911d58c0e4c7b5aedbb80b2b
                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction Fuzzy Hash: BD8165326490A34ADB6D427A85744BFFFE35A933A131A479DD4F2CE2C1FE24C654D620
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00662B30
                                                                • DeleteObject.GDI32(00000000), ref: 00662B43
                                                                • DestroyWindow.USER32 ref: 00662B52
                                                                • GetDesktopWindow.USER32 ref: 00662B6D
                                                                • GetWindowRect.USER32(00000000), ref: 00662B74
                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00662CA3
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00662CB1
                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662CF8
                                                                • GetClientRect.USER32(00000000,?), ref: 00662D04
                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00662D40
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662D62
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662D75
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662D80
                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662D89
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662D98
                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662DA1
                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662DA8
                                                                • GlobalFree.KERNEL32(00000000), ref: 00662DB3
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662DC5
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0067FC38,00000000), ref: 00662DDB
                                                                • GlobalFree.KERNEL32(00000000), ref: 00662DEB
                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00662E11
                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00662E30
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00662E52
                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0066303F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                • API String ID: 2211948467-2373415609
                                                                • Opcode ID: e69520ce339e2e2dd2e5681bddc6cada40047d752e4a99b79b099c06631a9167
                                                                • Instruction ID: ee71c9b7040162a05baec70188f88af251824b27137c2bcf18f950d458c3d578
                                                                • Opcode Fuzzy Hash: e69520ce339e2e2dd2e5681bddc6cada40047d752e4a99b79b099c06631a9167
                                                                • Instruction Fuzzy Hash: FA028D71500205EFDB18DF64CC99EAE7BBAFF49720F048159F919AB2A1DB70AD41CB60
                                                                APIs
                                                                • SetTextColor.GDI32(?,00000000), ref: 0067712F
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00677160
                                                                • GetSysColor.USER32(0000000F), ref: 0067716C
                                                                • SetBkColor.GDI32(?,000000FF), ref: 00677186
                                                                • SelectObject.GDI32(?,?), ref: 00677195
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 006771C0
                                                                • GetSysColor.USER32(00000010), ref: 006771C8
                                                                • CreateSolidBrush.GDI32(00000000), ref: 006771CF
                                                                • FrameRect.USER32(?,?,00000000), ref: 006771DE
                                                                • DeleteObject.GDI32(00000000), ref: 006771E5
                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00677230
                                                                • FillRect.USER32(?,?,?), ref: 00677262
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00677284
                                                                  • Part of subcall function 006773E8: GetSysColor.USER32(00000012), ref: 00677421
                                                                  • Part of subcall function 006773E8: SetTextColor.GDI32(?,?), ref: 00677425
                                                                  • Part of subcall function 006773E8: GetSysColorBrush.USER32(0000000F), ref: 0067743B
                                                                  • Part of subcall function 006773E8: GetSysColor.USER32(0000000F), ref: 00677446
                                                                  • Part of subcall function 006773E8: GetSysColor.USER32(00000011), ref: 00677463
                                                                  • Part of subcall function 006773E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00677471
                                                                  • Part of subcall function 006773E8: SelectObject.GDI32(?,00000000), ref: 00677482
                                                                  • Part of subcall function 006773E8: SetBkColor.GDI32(?,00000000), ref: 0067748B
                                                                  • Part of subcall function 006773E8: SelectObject.GDI32(?,?), ref: 00677498
                                                                  • Part of subcall function 006773E8: InflateRect.USER32(?,000000FF,000000FF), ref: 006774B7
                                                                  • Part of subcall function 006773E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006774CE
                                                                  • Part of subcall function 006773E8: GetWindowLongW.USER32(00000000,000000F0), ref: 006774DB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                • String ID:
                                                                • API String ID: 4124339563-0
                                                                • Opcode ID: 52238df205ffed6e8cc9399f8732f28ccd77b340fab4d13a19d37073868822f9
                                                                • Instruction ID: 10fb706fb82f38d7c2be258d644866c23d50567f65d58350f603a65aa678fe02
                                                                • Opcode Fuzzy Hash: 52238df205ffed6e8cc9399f8732f28ccd77b340fab4d13a19d37073868822f9
                                                                • Instruction Fuzzy Hash: ADA1A072008301AFD704DF64DC48A6B7BAAFF49331F105A2DFA6A961E1D771E984CB51
                                                                APIs
                                                                • DestroyWindow.USER32(?,?), ref: 005F8E14
                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00636AC5
                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00636AFE
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00636F43
                                                                  • Part of subcall function 005F8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,005F8BE8,?,00000000,?,?,?,?,005F8BBA,00000000,?), ref: 005F8FC5
                                                                • SendMessageW.USER32(?,00001053), ref: 00636F7F
                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00636F96
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00636FAC
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00636FB7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                • String ID: 0
                                                                APIs
                                                                • DestroyWindow.USER32(00000000), ref: 0066273E
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0066286A
                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 006628A9
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 006628B9
                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00662900
                                                                • GetClientRect.USER32(00000000,?), ref: 0066290C
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00662955
                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00662964
                                                                • GetStockObject.GDI32(00000011), ref: 00662974
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00662978
                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00662988
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00662991
                                                                • DeleteDC.GDI32(00000000), ref: 0066299A
                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006629C6
                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 006629DD
                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00662A1D
                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00662A31
                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00662A42
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00662A77
                                                                • GetStockObject.GDI32(00000011), ref: 00662A82
                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00662A8D
                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00662A97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00654AED
                                                                • GetDriveTypeW.KERNEL32(?,0067CB68,?,\\.\,0067CC08), ref: 00654BCA
                                                                • SetErrorMode.KERNEL32(00000000,0067CB68,?,\\.\,0067CC08), ref: 00654D36
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorMode$DriveType
                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                APIs
                                                                • GetSysColor.USER32(00000012), ref: 00677421
                                                                • SetTextColor.GDI32(?,?), ref: 00677425
                                                                • GetSysColorBrush.USER32(0000000F), ref: 0067743B
                                                                • GetSysColor.USER32(0000000F), ref: 00677446
                                                                • CreateSolidBrush.GDI32(?), ref: 0067744B
                                                                • GetSysColor.USER32(00000011), ref: 00677463
                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00677471
                                                                • SelectObject.GDI32(?,00000000), ref: 00677482
                                                                • SetBkColor.GDI32(?,00000000), ref: 0067748B
                                                                • SelectObject.GDI32(?,?), ref: 00677498
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 006774B7
                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006774CE
                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 006774DB
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0067752A
                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00677554
                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00677572
                                                                • DrawFocusRect.USER32(?,?), ref: 0067757D
                                                                • GetSysColor.USER32(00000011), ref: 0067758E
                                                                • SetTextColor.GDI32(?,00000000), ref: 00677596
                                                                • DrawTextW.USER32(?,006770F5,000000FF,?,00000000), ref: 006775A8
                                                                • SelectObject.GDI32(?,?), ref: 006775BF
                                                                • DeleteObject.GDI32(?), ref: 006775CA
                                                                • SelectObject.GDI32(?,?), ref: 006775D0
                                                                • DeleteObject.GDI32(?), ref: 006775D5
                                                                • SetTextColor.GDI32(?,?), ref: 006775DB
                                                                • SetBkColor.GDI32(?,?), ref: 006775E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                • String ID:
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00671128
                                                                • GetDesktopWindow.USER32 ref: 0067113D
                                                                • GetWindowRect.USER32(00000000), ref: 00671144
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00671199
                                                                • DestroyWindow.USER32(?), ref: 006711B9
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 006711ED
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0067120B
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0067121D
                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00671232
                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00671245
                                                                • IsWindowVisible.USER32(00000000), ref: 006712A1
                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 006712BC
                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 006712D0
                                                                • GetWindowRect.USER32(00000000,?), ref: 006712E8
                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 0067130E
                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00671328
                                                                • CopyRect.USER32(?,?), ref: 0067133F
                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 006713AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                • String ID: ($0$tooltips_class32
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 006702E5
                                                                • _wcslen.LIBCMT ref: 0067031F
                                                                • _wcslen.LIBCMT ref: 00670389
                                                                • _wcslen.LIBCMT ref: 006703F1
                                                                • _wcslen.LIBCMT ref: 00670475
                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 006704C5
                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00670504
                                                                  • Part of subcall function 005FF9F2: _wcslen.LIBCMT ref: 005FF9FD
                                                                  • Part of subcall function 0064223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00642258
                                                                  • Part of subcall function 0064223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0064228A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 005F8968
                                                                • GetSystemMetrics.USER32(00000007), ref: 005F8970
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 005F899B
                                                                • GetSystemMetrics.USER32(00000008), ref: 005F89A3
                                                                • GetSystemMetrics.USER32(00000004), ref: 005F89C8
                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 005F89E5
                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 005F89F5
                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 005F8A28
                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 005F8A3C
                                                                • GetClientRect.USER32(00000000,000000FF), ref: 005F8A5A
                                                                • GetStockObject.GDI32(00000011), ref: 005F8A76
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 005F8A81
                                                                  • Part of subcall function 005F912D: GetCursorPos.USER32(?), ref: 005F9141
                                                                  • Part of subcall function 005F912D: ScreenToClient.USER32(00000000,?), ref: 005F915E
                                                                  • Part of subcall function 005F912D: GetAsyncKeyState.USER32(00000001), ref: 005F9183
                                                                  • Part of subcall function 005F912D: GetAsyncKeyState.USER32(00000002), ref: 005F919D
                                                                • SetTimer.USER32(00000000,00000000,00000028,005F90FC), ref: 005F8AA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                • String ID: AutoIt v3 GUI
                                                                APIs
                                                                  • Part of subcall function 006410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00641114
                                                                  • Part of subcall function 006410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641120
                                                                  • Part of subcall function 006410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 0064112F
                                                                  • Part of subcall function 006410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641136
                                                                  • Part of subcall function 006410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0064114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00640DF5
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00640E29
                                                                • GetLengthSid.ADVAPI32(?), ref: 00640E40
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00640E7A
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00640E96
                                                                • GetLengthSid.ADVAPI32(?), ref: 00640EAD
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00640EB5
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00640EBC
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00640EDD
                                                                • CopySid.ADVAPI32(00000000), ref: 00640EE4
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00640F13
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00640F35
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00640F47
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640F6E
                                                                • HeapFree.KERNEL32(00000000), ref: 00640F75
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640F7E
                                                                • HeapFree.KERNEL32(00000000), ref: 00640F85
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00640F8E
                                                                • HeapFree.KERNEL32(00000000), ref: 00640F95
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00640FA1
                                                                • HeapFree.KERNEL32(00000000), ref: 00640FA8
                                                                  • Part of subcall function 00641193: GetProcessHeap.KERNEL32(00000008,00640BB1,?,00000000,?,00640BB1,?), ref: 006411A1
                                                                  • Part of subcall function 00641193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00640BB1,?), ref: 006411A8
                                                                  • Part of subcall function 00641193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00640BB1,?), ref: 006411B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: c8a1b0aa94a2000a9af0ac98e4505d1033701cf6b012faaa2e6f8eb6b46eea60
                                                                • Instruction ID: dd6e442af862a141fc539fd9a4e7f15467a3388496e9b737b616e4c1df295b0f
                                                                • Opcode Fuzzy Hash: c8a1b0aa94a2000a9af0ac98e4505d1033701cf6b012faaa2e6f8eb6b46eea60
                                                                • Instruction Fuzzy Hash: 0071607190021AEBEF609FA4DC44FEEBBBABF05310F148129FA19E7251D7359945CB60
                                                                APIs
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066C4BD
                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,0067CC08,00000000,?,00000000,?,?), ref: 0066C544
                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0066C5A4
                                                                • _wcslen.LIBCMT ref: 0066C5F4
                                                                • _wcslen.LIBCMT ref: 0066C66F
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0066C6B2
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0066C7C1
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0066C84D
                                                                • RegCloseKey.ADVAPI32(?), ref: 0066C881
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066C88E
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0066C960
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                • API String ID: 9721498-966354055
                                                                • Opcode ID: e685fd2501b2422aacc8dd977058abf5c1ddf7fe1928b407ad5c1245c29bb2f4
                                                                • Instruction ID: 0863c278310b6a5a09c0086d189f15dfe235af7670f3181dfb966f85e487cf30
                                                                • Opcode Fuzzy Hash: e685fd2501b2422aacc8dd977058abf5c1ddf7fe1928b407ad5c1245c29bb2f4
                                                                • Instruction Fuzzy Hash: 881268356046019FC718DF15C885A6ABBE6FF88724F04885DF89A9B3A2DB31EC41CB81
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 006709C6
                                                                • _wcslen.LIBCMT ref: 00670A01
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00670A54
                                                                • _wcslen.LIBCMT ref: 00670A8A
                                                                • _wcslen.LIBCMT ref: 00670B06
                                                                • _wcslen.LIBCMT ref: 00670B81
                                                                  • Part of subcall function 005FF9F2: _wcslen.LIBCMT ref: 005FF9FD
                                                                  • Part of subcall function 00642BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00642BFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                • API String ID: 1103490817-4258414348
                                                                • Opcode ID: 3c09b90402074e9869ea75e9636767458bd0bdfb8e7815352ba1855046e33e51
                                                                • Instruction ID: 40ef7f9c0cf14825b07d1ee85209878f8b99111daff4f6d6cb9b73e3073370a6
                                                                • Opcode Fuzzy Hash: 3c09b90402074e9869ea75e9636767458bd0bdfb8e7815352ba1855046e33e51
                                                                • Instruction Fuzzy Hash: 3AE1BD35208342DFC714EF25C45096ABBE2BF98714F10895DF89A9B3A2D731ED46CBA1
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                • API String ID: 1256254125-909552448
                                                                • Opcode ID: c566f3dbda0c12d27e1cbf018a2e1c68d368fffb9b121efefa9fd8991a34fcd2
                                                                • Instruction ID: f159f38854242bdef786d67c7600e8c7d2836fb19e7ae2ead13102cce897e510
                                                                • Opcode Fuzzy Hash: c566f3dbda0c12d27e1cbf018a2e1c68d368fffb9b121efefa9fd8991a34fcd2
                                                                • Instruction Fuzzy Hash: A171D23260096A8BCB20EEBCCD515FB3793AFA1774B250528F8D697384EA35DD4587A0
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0067835A
                                                                • _wcslen.LIBCMT ref: 0067836E
                                                                • _wcslen.LIBCMT ref: 00678391
                                                                • _wcslen.LIBCMT ref: 006783B4
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006783F2
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00675BF2), ref: 0067844E
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00678487
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 006784CA
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00678501
                                                                • FreeLibrary.KERNEL32(?), ref: 0067850D
                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0067851D
                                                                • DestroyIcon.USER32(?,?,?,?,?,00675BF2), ref: 0067852C
                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00678549
                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00678555
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                • String ID: .dll$.exe$.icl
                                                                • API String ID: 799131459-1154884017
                                                                • Opcode ID: 6735690d89abc4ff7071ea738f0c71fe98adb32ffafad833ff07599b8c90f230
                                                                • Instruction ID: 11fe202f5de0cd236dc2512a3deb9059d4e2f922f5fb31645410f8f29a926ec7
                                                                • Opcode Fuzzy Hash: 6735690d89abc4ff7071ea738f0c71fe98adb32ffafad833ff07599b8c90f230
                                                                • Instruction Fuzzy Hash: 7561BF71580205BEEB28DF64CC49BFE7BA9BB04721F108509F919D61D1DFB49D90CBA0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                • API String ID: 0-1645009161
                                                                • Opcode ID: 49b6e0a79cd4a2490f8d9111dc82c30a08c7a6e0b9ab866d52b030f0645ed292
                                                                • Instruction ID: bb349177214325b8344ea3d41da9b5a946676e4e3e1a3b166fd8471374e07509
                                                                • Opcode Fuzzy Hash: 49b6e0a79cd4a2490f8d9111dc82c30a08c7a6e0b9ab866d52b030f0645ed292
                                                                • Instruction Fuzzy Hash: 91811870A44619BBDB28AF21DC46FAF3B6AFF59300F044424F945AB1D2EB70DA51CB91
                                                                APIs
                                                                • CharLowerBuffW.USER32(?,?), ref: 00653EF8
                                                                • _wcslen.LIBCMT ref: 00653F03
                                                                • _wcslen.LIBCMT ref: 00653F5A
                                                                • _wcslen.LIBCMT ref: 00653F98
                                                                • GetDriveTypeW.KERNEL32(?), ref: 00653FD6
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0065401E
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00654059
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00654087
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                • API String ID: 1839972693-4113822522
                                                                • Opcode ID: 9e18f9abc367ea9c28c05487f561da7d5dc958784643b22c7312086f23f169cb
                                                                • Instruction ID: f59db6177d5c91ea4716ba01d79b39ab4ad47bb18144f7f850481f03121490fd
                                                                • Opcode Fuzzy Hash: 9e18f9abc367ea9c28c05487f561da7d5dc958784643b22c7312086f23f169cb
                                                                • Instruction Fuzzy Hash: 1B71B0725042129FC314EF24C8808AABBE6FF947A8F14492DF9D697391EB31DD49CB91
                                                                APIs
                                                                • LoadIconW.USER32(00000063), ref: 00645A2E
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00645A40
                                                                • SetWindowTextW.USER32(?,?), ref: 00645A57
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00645A6C
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00645A72
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00645A82
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00645A88
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00645AA9
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00645AC3
                                                                • GetWindowRect.USER32(?,?), ref: 00645ACC
                                                                • _wcslen.LIBCMT ref: 00645B33
                                                                • SetWindowTextW.USER32(?,?), ref: 00645B6F
                                                                • GetDesktopWindow.USER32 ref: 00645B75
                                                                • GetWindowRect.USER32(00000000), ref: 00645B7C
                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00645BD3
                                                                • GetClientRect.USER32(?,?), ref: 00645BE0
                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00645C05
                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00645C2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                • String ID:
                                                                • API String ID: 895679908-0
                                                                • Opcode ID: 71ebb488dc07df63e9710b5ca967a3da3fd0ae04358a9b8c871841f5e147ae7b
                                                                • Instruction ID: 2987a1bbd666da24f43ece84df31888e9d8a7211afb8de47bc7363a5633cd415
                                                                • Opcode Fuzzy Hash: 71ebb488dc07df63e9710b5ca967a3da3fd0ae04358a9b8c871841f5e147ae7b
                                                                • Instruction Fuzzy Hash: 6C719D31900B09AFDB24DFA8CE95AAEBBF6FF48714F10451CE547A26A1D771E940CB10
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 0065FE27
                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 0065FE32
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0065FE3D
                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 0065FE48
                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 0065FE53
                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 0065FE5E
                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 0065FE69
                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 0065FE74
                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 0065FE7F
                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 0065FE8A
                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 0065FE95
                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 0065FEA0
                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 0065FEAB
                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 0065FEB6
                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 0065FEC1
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 0065FECC
                                                                • GetCursorInfo.USER32(?), ref: 0065FEDC
                                                                • GetLastError.KERNEL32 ref: 0065FF1E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                • String ID:
                                                                • API String ID: 3215588206-0
                                                                • Opcode ID: a189cf4f3cad4fb0bbe0af22acd6217878eaeffb66285413a308ede3fb8d41f4
                                                                • Instruction ID: 0c48c29073d4ea50130b627956b662b362926d364e104c89879fcfb3b3f44d95
                                                                • Opcode Fuzzy Hash: a189cf4f3cad4fb0bbe0af22acd6217878eaeffb66285413a308ede3fb8d41f4
                                                                • Instruction Fuzzy Hash: 124172B0D04319AADB109FBA8C8985EBFE9FF04354B50452AF51DE7281DB78E901CF91
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[j
                                                                • API String ID: 176396367-1297735480
                                                                • Opcode ID: 77fe1c03dbd8f614afabc35caf82e5d3b24d5269d6228aabbba5de6fc5fb8efb
                                                                • Instruction ID: 9ffacfdd0391f367b9f6a54b2f47322a80fd6ad816be4240a1adbbfe735a2dbc
                                                                • Opcode Fuzzy Hash: 77fe1c03dbd8f614afabc35caf82e5d3b24d5269d6228aabbba5de6fc5fb8efb
                                                                • Instruction Fuzzy Hash: 54E1D532A00536ABCB18DF78C4516EEBBB3BF54710F548129E456E7380DB70AF858BA0
                                                                APIs
                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006000C6
                                                                  • Part of subcall function 006000ED: InitializeCriticalSectionAndSpinCount.KERNEL32(006B070C,00000FA0,153175AD,?,?,?,?,006223B3,000000FF), ref: 0060011C
                                                                  • Part of subcall function 006000ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006223B3,000000FF), ref: 00600127
                                                                  • Part of subcall function 006000ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006223B3,000000FF), ref: 00600138
                                                                  • Part of subcall function 006000ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0060014E
                                                                  • Part of subcall function 006000ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0060015C
                                                                  • Part of subcall function 006000ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0060016A
                                                                  • Part of subcall function 006000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00600195
                                                                  • Part of subcall function 006000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006001A0
                                                                • ___scrt_fastfail.LIBCMT ref: 006000E7
                                                                  • Part of subcall function 006000A3: __onexit.LIBCMT ref: 006000A9
                                                                Strings
                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00600122
                                                                • InitializeConditionVariable, xrefs: 00600148
                                                                • kernel32.dll, xrefs: 00600133
                                                                • WakeAllConditionVariable, xrefs: 00600162
                                                                • SleepConditionVariableCS, xrefs: 00600154
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                • API String ID: 66158676-1714406822
                                                                • Opcode ID: ea27d716ac6567f02f741a5f6fd28fc15589a87952d8e855ad7586e2e2a4a4c0
                                                                • Instruction ID: 0174132241de78e587f7c61128da65e441a809f08d260855e2cbb73b7849b478
                                                                • Opcode Fuzzy Hash: ea27d716ac6567f02f741a5f6fd28fc15589a87952d8e855ad7586e2e2a4a4c0
                                                                • Instruction Fuzzy Hash: 93214632A84701ABF7285BB4AC09F6B779BEF45B60F11013EF909A23D1DF7098408A90
                                                                APIs
                                                                • CharLowerBuffW.USER32(00000000,00000000,0067CC08), ref: 00654527
                                                                • _wcslen.LIBCMT ref: 0065453B
                                                                • _wcslen.LIBCMT ref: 00654599
                                                                • _wcslen.LIBCMT ref: 006545F4
                                                                • _wcslen.LIBCMT ref: 0065463F
                                                                • _wcslen.LIBCMT ref: 006546A7
                                                                  • Part of subcall function 005FF9F2: _wcslen.LIBCMT ref: 005FF9FD
                                                                • GetDriveTypeW.KERNEL32(?,006A6BF0,00000061), ref: 00654743
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                • API String ID: 2055661098-1000479233
                                                                • Opcode ID: 33d520e83d7f75bf2a18762a6149fd9c6cbcdaee3312992bb8e21826cc9a6f40
                                                                • Instruction ID: 9c3d5afa9737cf1e2d8c0c2fe4f82dd388eab0851dff333f7325d6d47b209657
                                                                • Opcode Fuzzy Hash: 33d520e83d7f75bf2a18762a6149fd9c6cbcdaee3312992bb8e21826cc9a6f40
                                                                • Instruction Fuzzy Hash: 5BB105315083029FC714DF28C890AAAB7E6BFA5769F50495DF896C7391EB30DC89CB52
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • DragQueryPoint.SHELL32(?,?), ref: 00679147
                                                                  • Part of subcall function 00677674: ClientToScreen.USER32(?,?), ref: 0067769A
                                                                  • Part of subcall function 00677674: GetWindowRect.USER32(?,?), ref: 00677710
                                                                  • Part of subcall function 00677674: PtInRect.USER32(?,?,00678B89), ref: 00677720
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 006791B0
                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 006791BB
                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 006791DE
                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00679225
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0067923E
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00679255
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00679277
                                                                • DragFinish.SHELL32(?), ref: 0067927E
                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00679371
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#k
                                                                • API String ID: 221274066-2854851725
                                                                • Opcode ID: 3e73f91e635fbd67d2b5da2be954c470e61fa440fc78365d3276772edfb720cc
                                                                • Instruction ID: 9e6034934ce757030edd9aae56db70867411f4ddc2b5c78e8bdce6f7ff98a1e3
                                                                • Opcode Fuzzy Hash: 3e73f91e635fbd67d2b5da2be954c470e61fa440fc78365d3276772edfb720cc
                                                                • Instruction Fuzzy Hash: D9616971108341AFC705EF65CC89DAFBBEAFBC9350F40492DF599921A1DB309A49CB62
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0066B198
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0066B1B0
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0066B1D4
                                                                • _wcslen.LIBCMT ref: 0066B200
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0066B214
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0066B236
                                                                • _wcslen.LIBCMT ref: 0066B332
                                                                  • Part of subcall function 006505A7: GetStdHandle.KERNEL32(000000F6), ref: 006505C6
                                                                • _wcslen.LIBCMT ref: 0066B34B
                                                                • _wcslen.LIBCMT ref: 0066B366
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0066B3B6
                                                                • GetLastError.KERNEL32(00000000), ref: 0066B407
                                                                • CloseHandle.KERNEL32(?), ref: 0066B439
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066B44A
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066B45C
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066B46E
                                                                • CloseHandle.KERNEL32(?), ref: 0066B4E3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 2178637699-0
                                                                • Opcode ID: fa211afaf05cfd239ef1bad8858328f95f79caa94ea49dc311d1188ea15a51dd
                                                                • Instruction ID: 76252e02798d5559c7b3e9d5a110c8e70a259d5d8417ed24954e70a00d0602fa
                                                                • Opcode Fuzzy Hash: fa211afaf05cfd239ef1bad8858328f95f79caa94ea49dc311d1188ea15a51dd
                                                                • Instruction Fuzzy Hash: 67F19931604341DFC718EF24C895A6ABBE6BF85310F14845DF9899B3A2DB30EC85CB52
                                                                APIs
                                                                • GetMenuItemCount.USER32(006B1990), ref: 00622F8D
                                                                • GetMenuItemCount.USER32(006B1990), ref: 0062303D
                                                                • GetCursorPos.USER32(?), ref: 00623081
                                                                • SetForegroundWindow.USER32(00000000), ref: 0062308A
                                                                • TrackPopupMenuEx.USER32(006B1990,00000000,?,00000000,00000000,00000000), ref: 0062309D
                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006230A9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                • String ID: 0
                                                                • API String ID: 36266755-4108050209
                                                                • Opcode ID: 023091ea172720fd2fe3fb8e755598fe88e735b5c685d6cf3ea226b09be3db7c
                                                                • Instruction ID: 38dc6478e4f7253fa82a87f5d26881805266a9875ffd686d2bcd24862ea92b56
                                                                • Opcode Fuzzy Hash: 023091ea172720fd2fe3fb8e755598fe88e735b5c685d6cf3ea226b09be3db7c
                                                                • Instruction Fuzzy Hash: DE713A70640626BEFB258F25DD99FDABF76FF01324F204206F6546A2E0C7B1A950DB50
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,?), ref: 00676DEB
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00676E5F
                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00676E81
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00676E94
                                                                • DestroyWindow.USER32(?), ref: 00676EB5
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,005E0000,00000000), ref: 00676EE4
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00676EFD
                                                                • GetDesktopWindow.USER32 ref: 00676F16
                                                                • GetWindowRect.USER32(00000000), ref: 00676F1D
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00676F35
                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00676F4D
                                                                  • Part of subcall function 005F9944: GetWindowLongW.USER32(?,000000EB), ref: 005F9952
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                • String ID: 0$tooltips_class32
                                                                • API String ID: 2429346358-3619404913
                                                                • Opcode ID: 245935628e409a6afbefc8d2c36b40eaac83b19c035ded2987866fa76cfd7e61
                                                                • Instruction ID: 7c55b6a44b0c7c84a8650f82198ddf9931cd84af53b23d9e3d553f9ac1ef931b
                                                                • Opcode Fuzzy Hash: 245935628e409a6afbefc8d2c36b40eaac83b19c035ded2987866fa76cfd7e61
                                                                • Instruction Fuzzy Hash: E9718A70104640AFDB25EF18DC58FAABBFAFB89304F54851DF98987261C774A989CB11
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0065C4B0
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0065C4C3
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0065C4D7
                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0065C4F0
                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0065C533
                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0065C549
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0065C554
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0065C584
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0065C5DC
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0065C5F0
                                                                • InternetCloseHandle.WININET(00000000), ref: 0065C5FB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                • String ID:
                                                                • API String ID: 3800310941-3916222277
                                                                • Opcode ID: 629534d1b95b11813635667c9b5ec28317365c519b3f8377e9db8480df38013a
                                                                • Instruction ID: 9817310e9c2aee565d80775e57feeb4cc45dce7bcc9cf4440c24f314aa1f4192
                                                                • Opcode Fuzzy Hash: 629534d1b95b11813635667c9b5ec28317365c519b3f8377e9db8480df38013a
                                                                • Instruction Fuzzy Hash: EE5150B1500304BFDB258FA4C988AAB7BFEFF04765F10441DF94596250EB34EA58DB60
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00678592
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785A2
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785AD
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785BA
                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785C8
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785D7
                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785E0
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785E7
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006785F8
                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0067FC38,?), ref: 00678611
                                                                • GlobalFree.KERNEL32(00000000), ref: 00678621
                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00678641
                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00678671
                                                                • DeleteObject.GDI32(?), ref: 00678699
                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 006786AF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                • String ID:
                                                                • API String ID: 3840717409-0
                                                                • Opcode ID: fb559fc752cb96ba68bf5e72018152538798ccf66166e71475f83ded9192ad15
                                                                • Instruction ID: b47e6bb1103af6dbc22238700f03d3e693db4853ae6603c3b469b281227f0958
                                                                • Opcode Fuzzy Hash: fb559fc752cb96ba68bf5e72018152538798ccf66166e71475f83ded9192ad15
                                                                • Instruction Fuzzy Hash: 3B413C75640204BFDB159FA5CC4CEAA7BBAFF89721F108158F919E7261DB309D41CB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000000), ref: 00651502
                                                                • VariantCopy.OLEAUT32(?,?), ref: 0065150B
                                                                • VariantClear.OLEAUT32(?), ref: 00651517
                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006515FB
                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00651657
                                                                • VariantInit.OLEAUT32(?), ref: 00651708
                                                                • SysFreeString.OLEAUT32(?), ref: 0065178C
                                                                • VariantClear.OLEAUT32(?), ref: 006517D8
                                                                • VariantClear.OLEAUT32(?), ref: 006517E7
                                                                • VariantInit.OLEAUT32(00000000), ref: 00651823
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                • API String ID: 1234038744-3931177956
                                                                • Opcode ID: 6ef2b21bed15191aed3ff4c45bd75f21d02997ee817454238ffa3ef1a8ea5f5c
                                                                • Instruction ID: 3a9e148cc9cb6f909933e03b74c2e4b629985bf3608fd7e0265a65c6bd31c099
                                                                • Opcode Fuzzy Hash: 6ef2b21bed15191aed3ff4c45bd75f21d02997ee817454238ffa3ef1a8ea5f5c
                                                                • Instruction Fuzzy Hash: 4CD128B1600105DBDB14AF65D849BBDBBB6BF86701F108059FC46AF280EB34DD4ADB51
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 0066C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0066B6AE,?,?), ref: 0066C9B5
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066C9F1
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA68
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066B6F4
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0066B772
                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 0066B80A
                                                                • RegCloseKey.ADVAPI32(?), ref: 0066B87E
                                                                • RegCloseKey.ADVAPI32(?), ref: 0066B89C
                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0066B8F2
                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0066B904
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0066B922
                                                                • FreeLibrary.KERNEL32(00000000), ref: 0066B983
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066B994
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 146587525-4033151799
                                                                • Opcode ID: 684b7407cff249bc3bc0679306b1475d3ddca171c6aa5d7e156556331a119482
                                                                • Instruction ID: aba0e0491a9c0776e95c3e2f19410bee4c0144f392b27eedf81a2efeb382bfc8
                                                                • Opcode Fuzzy Hash: 684b7407cff249bc3bc0679306b1475d3ddca171c6aa5d7e156556331a119482
                                                                • Instruction Fuzzy Hash: 6AC18F30204242EFD714DF15C494F6ABBE6BF85318F14955CE49A8B3A2CB71EC86CB91
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 006625D8
                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 006625E8
                                                                • CreateCompatibleDC.GDI32(?), ref: 006625F4
                                                                • SelectObject.GDI32(00000000,?), ref: 00662601
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0066266D
                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 006626AC
                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 006626D0
                                                                • SelectObject.GDI32(?,?), ref: 006626D8
                                                                • DeleteObject.GDI32(?), ref: 006626E1
                                                                • DeleteDC.GDI32(?), ref: 006626E8
                                                                • ReleaseDC.USER32(00000000,?), ref: 006626F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                • String ID: (
                                                                • API String ID: 2598888154-3887548279
                                                                • Opcode ID: 6192f6c8077f104a87f381f12459f768189e3b6950b47804802e8d9640fb04cb
                                                                • Instruction ID: a11026b59e908fb344832a0896d0791e4375e350877fb6a5a8c8750cb28d2f38
                                                                • Opcode Fuzzy Hash: 6192f6c8077f104a87f381f12459f768189e3b6950b47804802e8d9640fb04cb
                                                                • Instruction Fuzzy Hash: 1561E2B5D0021AEFCF14CFA4D894AAEBBB6FF48310F20852DE959A7250D771A941CF94
                                                                APIs
                                                                • ___free_lconv_mon.LIBCMT ref: 0061DAA1
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D659
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D66B
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D67D
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D68F
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6A1
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6B3
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6C5
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6D7
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6E9
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D6FB
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D70D
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D71F
                                                                  • Part of subcall function 0061D63C: _free.LIBCMT ref: 0061D731
                                                                • _free.LIBCMT ref: 0061DA96
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 0061DAB8
                                                                • _free.LIBCMT ref: 0061DACD
                                                                • _free.LIBCMT ref: 0061DAD8
                                                                • _free.LIBCMT ref: 0061DAFA
                                                                • _free.LIBCMT ref: 0061DB0D
                                                                • _free.LIBCMT ref: 0061DB1B
                                                                • _free.LIBCMT ref: 0061DB26
                                                                • _free.LIBCMT ref: 0061DB5E
                                                                • _free.LIBCMT ref: 0061DB65
                                                                • _free.LIBCMT ref: 0061DB82
                                                                • _free.LIBCMT ref: 0061DB9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                • String ID:
                                                                • API String ID: 161543041-0
                                                                • Opcode ID: f90e62ad7e2ab8d377d6bd82df014e72370ed8b50d7453681b509b7c2fbc282c
                                                                • Instruction ID: 86c119aab1f77d606a60756140180a90309a845fde373565579dc66cddd5ade9
                                                                • Opcode Fuzzy Hash: f90e62ad7e2ab8d377d6bd82df014e72370ed8b50d7453681b509b7c2fbc282c
                                                                • Instruction Fuzzy Hash: E6313F726047069FDB61AA39E845BDA77EAFF00720F19481DE449DB291DF35ACE08724
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 0064369C
                                                                • _wcslen.LIBCMT ref: 006436A7
                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00643797
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 0064380C
                                                                • GetDlgCtrlID.USER32(?), ref: 0064385D
                                                                • GetWindowRect.USER32(?,?), ref: 00643882
                                                                • GetParent.USER32(?), ref: 006438A0
                                                                • ScreenToClient.USER32(00000000), ref: 006438A7
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00643921
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 0064395D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                • String ID: %s%u
                                                                • API String ID: 4010501982-679674701
                                                                • Opcode ID: f3214ae883cce7acd9723562e0623346c9f3d3fba60ae95200e4439dbe1c02f1
                                                                • Instruction ID: 91f4a37ba24c35116e21b0a2a1650cf150ae2d68cd1e21b8e6f0f22fa859b695
                                                                • Opcode Fuzzy Hash: f3214ae883cce7acd9723562e0623346c9f3d3fba60ae95200e4439dbe1c02f1
                                                                • Instruction Fuzzy Hash: F691B271204616AFD719DF24C885FEAF7AAFF44350F10852DF999C6290EB30EA45CB91
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00644994
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 006449DA
                                                                • _wcslen.LIBCMT ref: 006449EB
                                                                • CharUpperBuffW.USER32(?,00000000), ref: 006449F7
                                                                • _wcsstr.LIBVCRUNTIME ref: 00644A2C
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00644A64
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00644A9D
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00644AE6
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00644B20
                                                                • GetWindowRect.USER32(?,?), ref: 00644B8B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                • String ID: ThumbnailClass
                                                                • API String ID: 1311036022-1241985126
                                                                • Opcode ID: 4a4e8a1367fc8c59ecee36bcdf4f4b4078979872e0490551aaa92b9d50ce6d58
                                                                • Instruction ID: e3534a71d44976d2a345706c74e523b56b4f126684a28707d38abc65fd899b9d
                                                                • Opcode Fuzzy Hash: 4a4e8a1367fc8c59ecee36bcdf4f4b4078979872e0490551aaa92b9d50ce6d58
                                                                • Instruction Fuzzy Hash: 7291AD710082059FDB08DF14C986BAA77EAFF84714F04846DFD899A296DF30ED85CBA1
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00678D5A
                                                                • GetFocus.USER32 ref: 00678D6A
                                                                • GetDlgCtrlID.USER32(00000000), ref: 00678D75
                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00678E1D
                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00678ECF
                                                                • GetMenuItemCount.USER32(?), ref: 00678EEC
                                                                • GetMenuItemID.USER32(?,00000000), ref: 00678EFC
                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00678F2E
                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00678F70
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00678FA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                • String ID: 0
                                                                • API String ID: 1026556194-4108050209
                                                                • Opcode ID: 95c5a3f6601b715afab4fa364e30ef625bf6910a0d0cf4cb1028113f3c66dbc7
                                                                • Instruction ID: 8a9fc15528f6737d502c9faaba566d3053ec4ed2bee05655a88f11a8a80c3075
                                                                • Opcode Fuzzy Hash: 95c5a3f6601b715afab4fa364e30ef625bf6910a0d0cf4cb1028113f3c66dbc7
                                                                • Instruction Fuzzy Hash: A9819D71548301AFD714CF24C888AAB7BEAFF88354F14891DF98997291DB35DD41CBA2
                                                                APIs
                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0064DC20
                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0064DC46
                                                                • _wcslen.LIBCMT ref: 0064DC50
                                                                • _wcsstr.LIBVCRUNTIME ref: 0064DCA0
                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0064DCBC
                                                                Strings
                                                                Similarity
                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                • API String ID: 1939486746-1459072770
                                                                • Opcode ID: 3732767b124103a70c4ff6906e38c34c4d37a9373be50af2b5c60bdfa40b313b
                                                                • Instruction ID: 1603e4001e6044b36e233a640db65b3c8cedb57f470a7d285ece34b05543e4b4
                                                                • Opcode Fuzzy Hash: 3732767b124103a70c4ff6906e38c34c4d37a9373be50af2b5c60bdfa40b313b
                                                                • Instruction Fuzzy Hash: 69410572D402057ADB18A774DC47EFF7BAEEF42720F14406DFA05A61C2EA7499018BB4
                                                                APIs
                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0066CC64
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0066CC8D
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0066CD48
                                                                  • Part of subcall function 0066CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0066CCAA
                                                                  • Part of subcall function 0066CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0066CCBD
                                                                  • Part of subcall function 0066CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0066CCCF
                                                                  • Part of subcall function 0066CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0066CD05
                                                                  • Part of subcall function 0066CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0066CD28
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0066CCF3
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 2734957052-4033151799
                                                                • Opcode ID: 89a47909277392937349f367952b1964fd04946b33471dde501eafdb5dd9b0ec
                                                                • Instruction ID: c216350a7d66bd056fd7b45ddf500bd636bab64ea5bcc9b5d9c5869833cb2561
                                                                • Opcode Fuzzy Hash: 89a47909277392937349f367952b1964fd04946b33471dde501eafdb5dd9b0ec
                                                                • Instruction Fuzzy Hash: 85318171901128BBD7209B54DC88EFFBB7EEF45760F000169F949E2240D7349E85DAE0
                                                                APIs
                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00653D40
                                                                • _wcslen.LIBCMT ref: 00653D6D
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00653D9D
                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00653DBE
                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00653DCE
                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00653E55
                                                                • CloseHandle.KERNEL32(00000000), ref: 00653E60
                                                                • CloseHandle.KERNEL32(00000000), ref: 00653E6B
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                • String ID: :$\$\??\%s
                                                                • API String ID: 1149970189-3457252023
                                                                • Opcode ID: cd67f9df3728a5e38ef58a0a15e97a990a3269ee252be0809943c99a933ee9dc
                                                                • Instruction ID: 9c673d7f4ca755dd3836cc6d3ce23237853032ff60d0462adbde46966808a52d
                                                                • Opcode Fuzzy Hash: cd67f9df3728a5e38ef58a0a15e97a990a3269ee252be0809943c99a933ee9dc
                                                                • Instruction Fuzzy Hash: 6831D672500119ABDB209FA0DC49FEF37BEEF88B51F1041B9FA19D6260E77097848B24
                                                                APIs
                                                                • timeGetTime.WINMM ref: 0064E6B4
                                                                  • Part of subcall function 005FE551: timeGetTime.WINMM(?,?,0064E6D4), ref: 005FE555
                                                                • Sleep.KERNEL32(0000000A), ref: 0064E6E1
                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0064E705
                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0064E727
                                                                • SetActiveWindow.USER32 ref: 0064E746
                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0064E754
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 0064E773
                                                                • Sleep.KERNEL32(000000FA), ref: 0064E77E
                                                                • IsWindow.USER32 ref: 0064E78A
                                                                • EndDialog.USER32(00000000), ref: 0064E79B
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                • String ID: BUTTON
                                                                • API String ID: 1194449130-3405671355
                                                                • Opcode ID: 35246d210720c9409f24a4778547ec989f2d3cf56de0793ad650eca403c54b08
                                                                • Instruction ID: 1789c01156e39bf13a6e396c48aca89fe34d9f61adf27bd23022627455ac05c4
                                                                • Opcode Fuzzy Hash: 35246d210720c9409f24a4778547ec989f2d3cf56de0793ad650eca403c54b08
                                                                • Instruction Fuzzy Hash: 352196B0640205AFEB045F20ECDAE253BABF755369F103529F505812B1EB729CC0DB24
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0064EA5D
                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0064EA73
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0064EA84
                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0064EA96
                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0064EAA7
                                                                Strings
                                                                Similarity
                                                                • API ID: SendString$_wcslen
                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                • API String ID: 2420728520-1007645807
                                                                • Opcode ID: 6475dcf1470fc0a88aff43aa9df5c403e134152a9a37204ec0a8bc7f31e48658
                                                                • Instruction ID: 6268aef781ba660370e5cdda613be719a6a18f3793a2df81d6d1f2d50e5b907e
                                                                • Opcode Fuzzy Hash: 6475dcf1470fc0a88aff43aa9df5c403e134152a9a37204ec0a8bc7f31e48658
                                                                • Instruction Fuzzy Hash: B1115E31A9025A79D724B7A2DC4EDFF6A7EFBD2B40F550429B811A20D1EEB04D85C9B0
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000001), ref: 00645CE2
                                                                • GetWindowRect.USER32(00000000,?), ref: 00645CFB
                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00645D59
                                                                • GetDlgItem.USER32(?,00000002), ref: 00645D69
                                                                • GetWindowRect.USER32(00000000,?), ref: 00645D7B
                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00645DCF
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00645DDD
                                                                • GetWindowRect.USER32(00000000,?), ref: 00645DEF
                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00645E31
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00645E44
                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00645E5A
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00645E67
                                                                Similarity
                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                • String ID:
                                                                • API String ID: 3096461208-0
                                                                • Opcode ID: 6b3bb2a55c11e0a872a8b7cdc686ec204a9e43d689fdcb4e4368a37a8c9480af
                                                                • Instruction ID: b55079734d5b5e1f2345cf6fe245485fdb456c90c72fb7d00e25bf0945c8210c
                                                                • Opcode Fuzzy Hash: 6b3bb2a55c11e0a872a8b7cdc686ec204a9e43d689fdcb4e4368a37a8c9480af
                                                                • Instruction Fuzzy Hash: A9512D70A00615AFDB18CF68CD99AAEBBB6FF48310F149129F51AE6291D7709E40CB50
                                                                APIs
                                                                  • Part of subcall function 005F8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,005F8BE8,?,00000000,?,?,?,?,005F8BBA,00000000,?), ref: 005F8FC5
                                                                • DestroyWindow.USER32(?), ref: 005F8C81
                                                                • KillTimer.USER32(00000000,?,?,?,?,005F8BBA,00000000,?), ref: 005F8D1B
                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00636973
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,005F8BBA,00000000,?), ref: 006369A1
                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,005F8BBA,00000000,?), ref: 006369B8
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,005F8BBA,00000000), ref: 006369D4
                                                                • DeleteObject.GDI32(00000000), ref: 006369E6
                                                                Similarity
                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                • String ID:
                                                                • API String ID: 641708696-0
                                                                • Opcode ID: 5246060e4c935c230f5034831dee33f33d141ddf3d7da4feacdaf6cc5ee7b1a1
                                                                • Instruction ID: 192193a75532dbe953938a6f28008ed9562a10c2cc04b434c94f66eb5be94d5f
                                                                • Opcode Fuzzy Hash: 5246060e4c935c230f5034831dee33f33d141ddf3d7da4feacdaf6cc5ee7b1a1
                                                                • Instruction Fuzzy Hash: CB61BA70002619EFCB259F14C968B757BF2FB41312F50AA1DE2469E6A0CB39ADD0CF90
                                                                APIs
                                                                  • Part of subcall function 005F9944: GetWindowLongW.USER32(?,000000EB), ref: 005F9952
                                                                • GetSysColor.USER32(0000000F), ref: 005F9862
                                                                Similarity
                                                                • API ID: ColorLongWindow
                                                                • String ID:
                                                                • API String ID: 259745315-0
                                                                • Opcode ID: a40c1686f3bff53d8a4de0c4bc5663ec17e8635384121949cf4fdf3a9f8d3c23
                                                                • Instruction ID: d47c4d1761f39f3ab2482a927208fe90a2a32856ef66e1269012669ae410a32e
                                                                • Opcode Fuzzy Hash: a40c1686f3bff53d8a4de0c4bc5663ec17e8635384121949cf4fdf3a9f8d3c23
                                                                • Instruction Fuzzy Hash: 7E41F671100A48AFDB345F389C88BB93FA6FB56370F144619FAA6872E1C7359C81DB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                 • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .`
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0062F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00649717
                                                                • LoadStringW.USER32(00000000,?,0062F7F8,00000001), ref: 00649720
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0062F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00649742
                                                                • LoadStringW.USER32(00000000,?,0062F7F8,00000001), ref: 00649745
                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00649866
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                APIs
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006407A2
                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006407BE
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006407DA
                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00640804
                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0064082C
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00640837
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0064083C
                                                                Strings
                                                                Similarity
                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00663C5C
                                                                • CoInitialize.OLE32(00000000), ref: 00663C8A
                                                                • CoUninitialize.OLE32 ref: 00663C94
                                                                • _wcslen.LIBCMT ref: 00663D2D
                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00663DB1
                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00663ED5
                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00663F0E
                                                                • CoGetObject.OLE32(?,00000000,0067FB98,?), ref: 00663F2D
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00663F40
                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00663FC4
                                                                • VariantClear.OLEAUT32(?), ref: 00663FD8
                                                                Similarity
                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                • String ID:
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 00657AF3
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00657B8F
                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00657BA3
                                                                • CoCreateInstance.OLE32(0067FD08,00000000,00000001,006A6E6C,?), ref: 00657BEF
                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00657C74
                                                                • CoTaskMemFree.OLE32(?,?), ref: 00657CCC
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00657D57
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00657D7A
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00657D81
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00657DD6
                                                                • CoUninitialize.OLE32 ref: 00657DDC
                                                                Similarity
                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                • String ID:
                                                                APIs
                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00675504
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00675515
                                                                • CharNextW.USER32(00000158), ref: 00675544
                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00675585
                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0067559B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006755AC
                                                                Similarity
                                                                • API ID: MessageSend$CharNext
                                                                • String ID:
                                                                APIs
                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0063FAAF
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 0063FB08
                                                                • VariantInit.OLEAUT32(?), ref: 0063FB1A
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 0063FB3A
                                                                • VariantCopy.OLEAUT32(?,?), ref: 0063FB8D
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 0063FBA1
                                                                • VariantClear.OLEAUT32(?), ref: 0063FBB6
                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 0063FBC3
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0063FBCC
                                                                • VariantClear.OLEAUT32(?), ref: 0063FBDE
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0063FBE9
                                                                Similarity
                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                • String ID:
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 00649CA1
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00649D22
                                                                • GetKeyState.USER32(000000A0), ref: 00649D3D
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00649D57
                                                                • GetKeyState.USER32(000000A1), ref: 00649D6C
                                                                • GetAsyncKeyState.USER32(00000011), ref: 00649D84
                                                                • GetKeyState.USER32(00000011), ref: 00649D96
                                                                • GetAsyncKeyState.USER32(00000012), ref: 00649DAE
                                                                • GetKeyState.USER32(00000012), ref: 00649DC0
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00649DD8
                                                                • GetKeyState.USER32(0000005B), ref: 00649DEA
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                APIs
                                                                • WSAStartup.WSOCK32(00000101,?), ref: 006605BC
                                                                • inet_addr.WSOCK32(?), ref: 0066061C
                                                                • gethostbyname.WSOCK32(?), ref: 00660628
                                                                • IcmpCreateFile.IPHLPAPI ref: 00660636
                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006606C6
                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006606E5
                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 006607B9
                                                                • WSACleanup.WSOCK32 ref: 006607BF
                                                                Strings
                                                                Similarity
                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                • String ID: Ping
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharLower
                                                                • String ID: cdecl$none$stdcall$winapi
                                                                • API String ID: 707087890-567219261
                                                                • Opcode ID: fdb8d3fe881d6978c4a5b336febb6d99e63c9cf9053fbb586b26cb34b9b989f2
                                                                • Instruction ID: 80a9d4eafde5fd8a98fbf920e7616d6aef509e1a1a15a3b95aa71a6e1790a79b
                                                                • Opcode Fuzzy Hash: fdb8d3fe881d6978c4a5b336febb6d99e63c9cf9053fbb586b26cb34b9b989f2
                                                                • Instruction Fuzzy Hash: 35518C72A041169FCB24DF78C9509FEB7A6BF65324B204329E966A73C4DB31DD408BA0
                                                                APIs
                                                                • CoInitialize.OLE32 ref: 00663774
                                                                • CoUninitialize.OLE32 ref: 0066377F
                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0067FB78,?), ref: 006637D9
                                                                • IIDFromString.OLE32(?,?), ref: 0066384C
                                                                • VariantInit.OLEAUT32(?), ref: 006638E4
                                                                • VariantClear.OLEAUT32(?), ref: 00663936
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                • API String ID: 636576611-1287834457
                                                                • Opcode ID: 34b5653c4fd54326994ed8a29b6d9a194549b16fe18cc61da69a994839a6bf99
                                                                • Instruction ID: a73a9921e44b0a7762fffcab9cde26cf8caeefad0a026d96061d6c61ed4b33a3
                                                                • Opcode Fuzzy Hash: 34b5653c4fd54326994ed8a29b6d9a194549b16fe18cc61da69a994839a6bf99
                                                                • Instruction Fuzzy Hash: E761A070608321AFD310DF54C849BAABBEAEF89710F00090DF9859B391D770EE49CB96
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                  • Part of subcall function 005F912D: GetCursorPos.USER32(?), ref: 005F9141
                                                                  • Part of subcall function 005F912D: ScreenToClient.USER32(00000000,?), ref: 005F915E
                                                                  • Part of subcall function 005F912D: GetAsyncKeyState.USER32(00000001), ref: 005F9183
                                                                  • Part of subcall function 005F912D: GetAsyncKeyState.USER32(00000002), ref: 005F919D
                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00678B6B
                                                                • ImageList_EndDrag.COMCTL32 ref: 00678B71
                                                                • ReleaseCapture.USER32 ref: 00678B77
                                                                • SetWindowTextW.USER32(?,00000000), ref: 00678C12
                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00678C25
                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00678CFF
                                                                Strings
                                                                Similarity
                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#k
                                                                • API String ID: 1924731296-2800194813
                                                                • Opcode ID: 34f7d085456c21df438862bee4689e4a960e32e70fea51d822f09ea0fc0d916d
                                                                • Instruction ID: 721a61c0c43bd09deb57bc983f76e742e67d82447e6eecbd06f0ede1c47b30fc
                                                                • Opcode Fuzzy Hash: 34f7d085456c21df438862bee4689e4a960e32e70fea51d822f09ea0fc0d916d
                                                                • Instruction Fuzzy Hash: 0D518E71104344AFD704EF14CC5AFAA7BE6FB84710F40062DF999572A1CB719D44CB62
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006533CF
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006533F0
                                                                Strings
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-3080491070
                                                                • Opcode ID: 7235b1a334046641cf37ee943ab1d62a8fd55bb2a755ef459410214a2dd56e7a
                                                                • Instruction ID: cbb2f04de186dc0df6490ec79642a2586ce03d201f238064a72a55e42eeb006f
                                                                • Opcode Fuzzy Hash: 7235b1a334046641cf37ee943ab1d62a8fd55bb2a755ef459410214a2dd56e7a
                                                                • Instruction Fuzzy Hash: DE51B37180014AAADF19EBA0CD4AEEEBBBAFF45740F244165F50572161EB312F98CF60
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                • API String ID: 1256254125-769500911
                                                                • Opcode ID: 4bf7c70b31ddbc9935ed239c266efa6c14018e5164037cfae7d62defac36fad1
                                                                • Instruction ID: 9943be374e83f604c99ca196fe4899c4b48bbcea28adad7ceefce4ebd3fd76f4
                                                                • Opcode Fuzzy Hash: 4bf7c70b31ddbc9935ed239c266efa6c14018e5164037cfae7d62defac36fad1
                                                                • Instruction Fuzzy Hash: DF41D632A010279BCB20AF7DC8905FE7BA7BFA1754B265129E961DB384E731CD81C790
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 006553A0
                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00655416
                                                                • GetLastError.KERNEL32 ref: 00655420
                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 006554A7
                                                                Strings
                                                                Similarity
                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                • API String ID: 4194297153-14809454
                                                                • Opcode ID: 2a715bb731e88bb79f8c51b85794c0c57ea493b026f1caf54156d87a63c98bc6
                                                                • Instruction ID: 1201c476e611a578ce9b36ff1528161d746b20b44e2e58660d19e759b0938037
                                                                • Opcode Fuzzy Hash: 2a715bb731e88bb79f8c51b85794c0c57ea493b026f1caf54156d87a63c98bc6
                                                                • Instruction Fuzzy Hash: CD31B335A006459FD714DF68C898AE9BBF6FF45306F188069E806CB392D731DD8ACB90
                                                                APIs
                                                                • CreateMenu.USER32 ref: 00673C79
                                                                • SetMenu.USER32(?,00000000), ref: 00673C88
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00673D10
                                                                • IsMenu.USER32(?), ref: 00673D24
                                                                • CreatePopupMenu.USER32 ref: 00673D2E
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00673D5B
                                                                • DrawMenuBar.USER32 ref: 00673D63
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                • String ID: 0$F
                                                                • API String ID: 161812096-3044882817
                                                                • Opcode ID: 405f21cbca96f09f67e2f54564717628b614aeccacc7f8669d25306685352115
                                                                • Instruction ID: 0e8f7fdc95edf26eec8b3ecff8626954a576a65f45fdfae784a02e76f6557e42
                                                                • Opcode Fuzzy Hash: 405f21cbca96f09f67e2f54564717628b614aeccacc7f8669d25306685352115
                                                                • Instruction Fuzzy Hash: 3C419A74A01219EFDB28CF64D854AEA7BB6FF49310F14402CF94AA7360D771AA10DF90
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00641F64
                                                                • GetDlgCtrlID.USER32 ref: 00641F6F
                                                                • GetParent.USER32 ref: 00641F8B
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00641F8E
                                                                • GetDlgCtrlID.USER32(?), ref: 00641F97
                                                                • GetParent.USER32(?), ref: 00641FAB
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00641FAE
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                • Opcode ID: 3d21812298eb40e49def2c75d82dbe940f1d7954ce6f480d9921603c958fc651
                                                                • Instruction ID: 439ffb3fc90a5a5e85cfafd39ff7f8860c243c48796760d09ef8e39518543c06
                                                                • Opcode Fuzzy Hash: 3d21812298eb40e49def2c75d82dbe940f1d7954ce6f480d9921603c958fc651
                                                                • Instruction Fuzzy Hash: F521D170900214BBCF08AFA0CC85EEEBBBAEF06310F100159F965A72A1DB355989DB60
                                                                APIs
                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00673A9D
                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00673AA0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00673AC7
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00673AEA
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00673B62
                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00673BAC
                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00673BC7
                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00673BE2
                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00673BF6
                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00673C13
                                                                Similarity
                                                                • API ID: MessageSend$LongWindow
                                                                • String ID:
                                                                • API String ID: 312131281-0
                                                                • Opcode ID: 5fa013c3a0d7fb167a09ec1d6ea426e888b18b5443b2fc43fff15d5a3a97ce81
                                                                • Instruction ID: 23ee6755b3b31fb594e4d7413c32dfd7c1e5ff08a22df2a020a9bc2ca4dd99e6
                                                                • Opcode Fuzzy Hash: 5fa013c3a0d7fb167a09ec1d6ea426e888b18b5443b2fc43fff15d5a3a97ce81
                                                                • Instruction Fuzzy Hash: FD616CB5900258AFDB11DF68CC81EEE77B9EB09710F104199FA19AB391D770AE81DF50
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0064B151
                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B165
                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 0064B16C
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B17B
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 0064B18D
                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B1A6
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B1B8
                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B1FD
                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B212
                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0064A1E1,?,00000001), ref: 0064B21D
                                                                Similarity
                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                • String ID:
                                                                • API String ID: 2156557900-0
                                                                • Opcode ID: f71ae3ee0a9c9461c4675949bab8675d5e6d0406add55fdaebaceb91b70189a1
                                                                • Instruction ID: f696531b8e61961a3a68eb2cc38e9426e94780bcaa60143833387fc3ec213f67
                                                                • Opcode Fuzzy Hash: f71ae3ee0a9c9461c4675949bab8675d5e6d0406add55fdaebaceb91b70189a1
                                                                • Instruction Fuzzy Hash: 663189B1640218AFDB14AF24DC88BBE7BABBF51321F146119FA05D7390D7B4DA808F60
                                                                APIs
                                                                • _free.LIBCMT ref: 00612C94
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 00612CA0
                                                                • _free.LIBCMT ref: 00612CAB
                                                                • _free.LIBCMT ref: 00612CB6
                                                                • _free.LIBCMT ref: 00612CC1
                                                                • _free.LIBCMT ref: 00612CCC
                                                                • _free.LIBCMT ref: 00612CD7
                                                                • _free.LIBCMT ref: 00612CE2
                                                                • _free.LIBCMT ref: 00612CED
                                                                • _free.LIBCMT ref: 00612CFB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: d730da81bd45cf07be6670168b57077f32aefe72bf61ca66d9cb41ce16f66cb2
                                                                • Instruction ID: 190b2032d830512401e0dd5d9d85a80bfcc0d76b748cd059a187064eeec57530
                                                                • Opcode Fuzzy Hash: d730da81bd45cf07be6670168b57077f32aefe72bf61ca66d9cb41ce16f66cb2
                                                                • Instruction Fuzzy Hash: 3211E976100109BFCB42EF59D852CDD3BA6FF05760F4548A8FA485F222D631EEB09B94
                                                                APIs
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00657FAD
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00657FC1
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00657FEB
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00658005
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00658017
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00658060
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006580B0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory$AttributesFile
                                                                • String ID: *.*
                                                                • API String ID: 769691225-438819550
                                                                • Opcode ID: 549fed2ee03d8f1132f10d7d55ac20e34f3d897dfa3fa216fbb073523334b797
                                                                • Instruction ID: c84cd9625253fc7a4774ae6fbf8290a4b6d95540605449965b11654214b36d69
                                                                • Opcode Fuzzy Hash: 549fed2ee03d8f1132f10d7d55ac20e34f3d897dfa3fa216fbb073523334b797
                                                                • Instruction Fuzzy Hash: 5881CF725083459FCB24EF14D8469AAB7EABF88312F14486EFC85D7250EB34DD49CB92
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 005E5C7A
                                                                  • Part of subcall function 005E5D0A: GetClientRect.USER32(?,?), ref: 005E5D30
                                                                  • Part of subcall function 005E5D0A: GetWindowRect.USER32(?,?), ref: 005E5D71
                                                                  • Part of subcall function 005E5D0A: ScreenToClient.USER32(?,?), ref: 005E5D99
                                                                • GetDC.USER32 ref: 006246F5
                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00624708
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00624716
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0062472B
                                                                • ReleaseDC.USER32(?,00000000), ref: 00624733
                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006247C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                • String ID: U
                                                                • API String ID: 4009187628-3372436214
                                                                • Opcode ID: 18ec98b1fe719cae54d68bd16ee29b352ba166800bd7475c24f34d5908615d0a
                                                                • Instruction ID: ad652d12f1d5ce589c4fc16bb4186396260c3368635a2eddefcd2ddef961b3db
                                                                • Opcode Fuzzy Hash: 18ec98b1fe719cae54d68bd16ee29b352ba166800bd7475c24f34d5908615d0a
                                                                • Instruction Fuzzy Hash: FB710231500A05DFCF258F64D984AFA3BB7FF4A324F244269EDA95A266DB318C81DF50
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006535E4
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • LoadStringW.USER32(006B2390,?,00000FFF,?), ref: 0065360A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-2391861430
                                                                • Opcode ID: b5880a0a520d4b3a78a1a7ecb1fe632dc805cd122606c0e1a784d9a1544241aa
                                                                • Instruction ID: 16ee8ac055c1d3aada1eed0dde4ff8a55c11e916da2e789b59e050947e1c8716
                                                                • Opcode Fuzzy Hash: b5880a0a520d4b3a78a1a7ecb1fe632dc805cd122606c0e1a784d9a1544241aa
                                                                • Instruction Fuzzy Hash: 2251AF71C0025ABACF19EBA1CC46EEEBB7AFF48741F144129F505721A1EB301A89CF60
                                                                APIs
                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0065C272
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0065C29A
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0065C2CA
                                                                • GetLastError.KERNEL32 ref: 0065C322
                                                                • SetEvent.KERNEL32(?), ref: 0065C336
                                                                • InternetCloseHandle.WININET(00000000), ref: 0065C341
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                • String ID:
                                                                • API String ID: 3113390036-3916222277
                                                                • Opcode ID: c1f80c72358af9b17f22c4e2ca0c626332e09a6c784d6c4b90baa552da27c192
                                                                • Instruction ID: a12d65221e6d828a1e599427caee19dc67362560900d4efcceb907cdc568b98b
                                                                • Opcode Fuzzy Hash: c1f80c72358af9b17f22c4e2ca0c626332e09a6c784d6c4b90baa552da27c192
                                                                • Instruction Fuzzy Hash: C13181B1500308AFD7259F64CC88AAB7BFEEF49765F10851DF84AD2211DB30DD499B60
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00623AAF,?,?,Bad directive syntax error,0067CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006498BC
                                                                • LoadStringW.USER32(00000000,?,00623AAF,?), ref: 006498C3
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00649987
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                • API String ID: 858772685-4153970271
                                                                • Opcode ID: 22a8d5d33736e66b8d1bbc632e6f470c47df57adb1edd584aa62eb4299f321ff
                                                                • Instruction ID: 2371681afe9f5cf1b14b924b9db78d79436d3f67dae89c94813de56be575f967
                                                                • Opcode Fuzzy Hash: 22a8d5d33736e66b8d1bbc632e6f470c47df57adb1edd584aa62eb4299f321ff
                                                                • Instruction Fuzzy Hash: BB21763184025EEBCF19AF90CC0AEEE7B76FF59300F084469F519660A1EB719A58DF60
                                                                APIs
                                                                • GetParent.USER32 ref: 006420AB
                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 006420C0
                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0064214D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameParentSend
                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                • API String ID: 1290815626-3381328864
                                                                • Opcode ID: 68f7bd23b21d64b01aa3733b3214684590c5a73fe1bdd88cc03f017323de0eaf
                                                                • Instruction ID: 809247a488acf84487acdb88c561c7306c94826a3a467dc68943b99d5a452b1e
                                                                • Opcode Fuzzy Hash: 68f7bd23b21d64b01aa3733b3214684590c5a73fe1bdd88cc03f017323de0eaf
                                                                • Instruction Fuzzy Hash: 08113A762C4307B9F7157224DC26DE7379FCB06725B71001AF705A60D1EE655C425A28
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                • String ID:
                                                                • API String ID: 1282221369-0
                                                                • Opcode ID: 99cb95ec8e2edbee603f041f1dc742ffe28a9ba76aff41bed00000573e7d7cb7
                                                                • Instruction ID: a211cf600d57d4c369516523d3ed228e5a5be57c86c7952690126b8fcfe7a60a
                                                                • Opcode Fuzzy Hash: 99cb95ec8e2edbee603f041f1dc742ffe28a9ba76aff41bed00000573e7d7cb7
                                                                • Instruction Fuzzy Hash: 416127B1944301AFDB21AFB89891AEE7BA7AF05730F0C416DF94497381D6319DC2C794
                                                                APIs
                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00636890
                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006368A9
                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006368B9
                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006368D1
                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006368F2
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,005F8874,00000000,00000000,00000000,000000FF,00000000), ref: 00636901
                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0063691E
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,005F8874,00000000,00000000,00000000,000000FF,00000000), ref: 0063692D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 1268354404-0
                                                                • Opcode ID: fc48fa38c1b230b85ec61cff4e753e655c768114fc02674de68d1968af6061d4
                                                                • Instruction ID: d02183a830b7712c2287304b0056b2dc2b2b11885106daf2b88fc1fa54376cea
                                                                • Opcode Fuzzy Hash: fc48fa38c1b230b85ec61cff4e753e655c768114fc02674de68d1968af6061d4
                                                                • Instruction Fuzzy Hash: 0F519A70600609FFDB24CF25CC95BBA7BB6FB48360F104518FA56972A0DB74E990DB50
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0065C182
                                                                • GetLastError.KERNEL32 ref: 0065C195
                                                                • SetEvent.KERNEL32(?), ref: 0065C1A9
                                                                  • Part of subcall function 0065C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0065C272
                                                                  • Part of subcall function 0065C253: GetLastError.KERNEL32 ref: 0065C322
                                                                  • Part of subcall function 0065C253: SetEvent.KERNEL32(?), ref: 0065C336
                                                                  • Part of subcall function 0065C253: InternetCloseHandle.WININET(00000000), ref: 0065C341
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                • String ID:
                                                                • API String ID: 337547030-0
                                                                • Opcode ID: d3a3d1f9d6c75764ac591d73d65da573ec05dc4ce1f56d9bf10e58b18673e8e3
                                                                • Instruction ID: 044a99d6c571981acbda733f5928b527658adf957606e089daefbf8369524df7
                                                                • Opcode Fuzzy Hash: d3a3d1f9d6c75764ac591d73d65da573ec05dc4ce1f56d9bf10e58b18673e8e3
                                                                • Instruction Fuzzy Hash: AF318F71200701AFDB259FA5DC44AA6BBFAFF58322F10441DFD5A86611DB30E958DBA0
                                                                APIs
                                                                  • Part of subcall function 00643A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00643A57
                                                                  • Part of subcall function 00643A3D: GetCurrentThreadId.KERNEL32 ref: 00643A5E
                                                                  • Part of subcall function 00643A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006425B3), ref: 00643A65
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 006425BD
                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006425DB
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006425DF
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 006425E9
                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00642601
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00642605
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 0064260F
                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00642623
                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00642627
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                • String ID:
                                                                • API String ID: 2014098862-0
                                                                • Opcode ID: cbf9cfe559824737038b9347b04d00f80f3266c1fa0059b8c274d726a234e0c4
                                                                • Instruction ID: 5c95818e10cb0eb59892352eb63eea1c61444d6cd9355e4414d86eef6a52bd0b
                                                                • Opcode Fuzzy Hash: cbf9cfe559824737038b9347b04d00f80f3266c1fa0059b8c274d726a234e0c4
                                                                • Instruction Fuzzy Hash: F801D430390220BBFB106768DC8AF593F5ADF4EB22F501019F318AE1D1C9E22484DA69
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00641449,?,?,00000000), ref: 0064180C
                                                                • HeapAlloc.KERNEL32(00000000,?,00641449,?,?,00000000), ref: 00641813
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00641449,?,?,00000000), ref: 00641828
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00641449,?,?,00000000), ref: 00641830
                                                                • DuplicateHandle.KERNEL32(00000000,?,00641449,?,?,00000000), ref: 00641833
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00641449,?,?,00000000), ref: 00641843
                                                                • GetCurrentProcess.KERNEL32(00641449,00000000,?,00641449,?,?,00000000), ref: 0064184B
                                                                • DuplicateHandle.KERNEL32(00000000,?,00641449,?,?,00000000), ref: 0064184E
                                                                • CreateThread.KERNEL32(00000000,00000000,00641874,00000000,00000000,00000000), ref: 00641868
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                • String ID:
                                                                • API String ID: 1957940570-0
                                                                • Opcode ID: 5750034d011bc347229dac8647cb6a0eb440969b0e89242088df4e380e514827
                                                                • Instruction ID: 34c26757027763f79b40eb35ffb079cb63c6407abf20580f897f1e6b3157fdb7
                                                                • Opcode Fuzzy Hash: 5750034d011bc347229dac8647cb6a0eb440969b0e89242088df4e380e514827
                                                                • Instruction Fuzzy Hash: 3D01CDB5240308BFE710AFB5DC4DF6B3BADEB89B21F415425FA09DB1A1DA709840CB20
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: __alldvrm$_strrchr
                                                                • String ID: }}`$}}`$}}`
                                                                • API String ID: 1036877536-2075275272
                                                                • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                • Instruction ID: fe2b549521159d5d3f02242a4381776987007b657943d55c7321b2e254422827
                                                                • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                • Instruction Fuzzy Hash: BFA15672D00296AFD715CF18C8927FABBE6EF26350F1C41ADE5859B381CA3489C2C750
                                                                APIs
                                                                  • Part of subcall function 0064D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0064D501
                                                                  • Part of subcall function 0064D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0064D50F
                                                                  • Part of subcall function 0064D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0064D5DC
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0066A16D
                                                                • GetLastError.KERNEL32 ref: 0066A180
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0066A1B3
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0066A268
                                                                • GetLastError.KERNEL32(00000000), ref: 0066A273
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066A2C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 1701285019-2896544425
                                                                • Opcode ID: d533e7da682cc7fa9ba8d424785ead5a60743c3f73f7048765f3c11916a5b028
                                                                • Instruction ID: 81e1b9d3285d28dcf00df7b471c0ee29bce14baa4d92924d90e170df79ccd0ba
                                                                • Opcode Fuzzy Hash: d533e7da682cc7fa9ba8d424785ead5a60743c3f73f7048765f3c11916a5b028
                                                                • Instruction Fuzzy Hash: D161BF302042429FD724DF59C494F56BBE6AF44318F18849CE46A9B7A3C772ED86CF92
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00673925
                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0067393A
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00673954
                                                                • _wcslen.LIBCMT ref: 00673999
                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 006739C6
                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 006739F4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window_wcslen
                                                                • String ID: SysListView32
                                                                • API String ID: 2147712094-78025650
                                                                • Opcode ID: 31580c2bdebb0311b2a18c7e5648bbaff2f62d9d0270c0031160bd668e1761ce
                                                                • Instruction ID: b52dd5d61c549521825994efe80ba207884e87a5c433a368d6c56e76719cd72d
                                                                • Opcode Fuzzy Hash: 31580c2bdebb0311b2a18c7e5648bbaff2f62d9d0270c0031160bd668e1761ce
                                                                • Instruction Fuzzy Hash: E3417371A00219ABDB259F64CC49BEA7BAAFF08350F10452AF95CE7381D7719E80DB90
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0064BCFD
                                                                • IsMenu.USER32(00000000), ref: 0064BD1D
                                                                • CreatePopupMenu.USER32 ref: 0064BD53
                                                                • GetMenuItemCount.USER32(014C7C28), ref: 0064BDA4
                                                                • InsertMenuItemW.USER32(014C7C28,?,00000001,00000030), ref: 0064BDCC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                • String ID: 0$2
                                                                • API String ID: 93392585-3793063076
                                                                • Opcode ID: 99fc17549482c20f4031697f9abf6f5e22ed5ac1012511eabb5d9dfb89b6a7c9
                                                                • Instruction ID: 342b1bebae37a842a1261442b16dc1fa2f1841bbe187d1d06493a0070ab42e87
                                                                • Opcode Fuzzy Hash: 99fc17549482c20f4031697f9abf6f5e22ed5ac1012511eabb5d9dfb89b6a7c9
                                                                • Instruction Fuzzy Hash: 5051AD70A002059BDF24DFA8D8C4BEEBBF6AF45324F146299E41597390D770D945CB61
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00602D4B
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00602D53
                                                                • _ValidateLocalCookies.LIBCMT ref: 00602DE1
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00602E0C
                                                                • _ValidateLocalCookies.LIBCMT ref: 00602E61
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: &H`$csm
                                                                • API String ID: 1170836740-2734105892
                                                                • Opcode ID: 93379882103f2cb62462647bb450fb6515095f187306e46a83fdabf6d019ec11
                                                                • Instruction ID: 9ff78f4be1828ff277893d368e02f59c741e112d93dc32b9ac7a16252d655b8d
                                                                • Opcode Fuzzy Hash: 93379882103f2cb62462647bb450fb6515095f187306e46a83fdabf6d019ec11
                                                                • Instruction Fuzzy Hash: D441B634A4021AABCF18DF68C869ADFBBB7BF45324F148159E8146B3D2D7719E05CB90
                                                                APIs
                                                                • LoadIconW.USER32(00000000,00007F03), ref: 0064C913
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoad
                                                                • String ID: blank$info$question$stop$warning
                                                                • API String ID: 2457776203-404129466
                                                                • Opcode ID: 9f6e5556f56141923fbe38cc93988c19199a14e82e436c23577b916eea16166d
                                                                • Instruction ID: 348795ae5eab9b948e2b5a30ffed1c10de81dbda955d2439b12f12c472f15013
                                                                • Opcode Fuzzy Hash: 9f6e5556f56141923fbe38cc93988c19199a14e82e436c23577b916eea16166d
                                                                • Instruction Fuzzy Hash: AE112B3278A306BEE7586B18DC83CEB2B9EDF15334B10002EF504A63C2EF749D405668
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                • String ID: 0.0.0.0
                                                                • API String ID: 642191829-3771769585
                                                                • Opcode ID: c402dc06d94a39f58ff7f611dcc2b10f22297de3823f10214d43c6605bc46f3c
                                                                • Instruction ID: ae22aaec943d976cfa8dd2d6839e40ddbd5825b8e531f7dd91cf16b3bf131ccf
                                                                • Opcode Fuzzy Hash: c402dc06d94a39f58ff7f611dcc2b10f22297de3823f10214d43c6605bc46f3c
                                                                • Instruction Fuzzy Hash: 3E110671904105AFCB68AB60DC4AEEF77AEDF11720F01016DF509AA1D1EFB18A818B60
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$LocalTime
                                                                • String ID:
                                                                • API String ID: 952045576-0
                                                                • Opcode ID: 7a648ebc5dd832a34623f2c0eefaeffcc99e6c72d8cbd6a005cd6ee3bb7de1bc
                                                                • Instruction ID: 30faf002ca3a07471aaa69b0bde8800d20bfaeaf51f0222ac033bbeaed338358
                                                                • Opcode Fuzzy Hash: 7a648ebc5dd832a34623f2c0eefaeffcc99e6c72d8cbd6a005cd6ee3bb7de1bc
                                                                • Instruction Fuzzy Hash: 2C41D365C50218B5CB55EBF4C88A9CFB7AAAF05310F10856AF618E3161FB34E355C3E9
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0063682C,00000004,00000000,00000000), ref: 005FF953
                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0063682C,00000004,00000000,00000000), ref: 0063F3D1
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0063682C,00000004,00000000,00000000), ref: 0063F454
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                • API String ID: 1268545403-0
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00672D1B
                                                                • GetDC.USER32(00000000), ref: 00672D23
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00672D2E
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00672D3A
                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00672D76
                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00672D87
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00675A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00672DC2
                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00672DE1
                                                                Similarity
                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                • String ID:
                                                                • API String ID: 3864802216-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                • API String ID: 0-572801152
                                                                APIs
                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,006217FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 006215CE
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00621651
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,006217FB,?,006217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006216E4
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006216FB
                                                                  • Part of subcall function 00613820: RtlAllocateHeap.NTDLL(00000000,?,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6,?,005E1129), ref: 00613852
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,006217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00621777
                                                                • __freea.LIBCMT ref: 006217A2
                                                                • __freea.LIBCMT ref: 006217AE
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                • String ID:
                                                                • API String ID: 2829977744-0
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit
                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                • API String ID: 2610073882-625585964
                                                                APIs
                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0065125C
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00651284
                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006512A8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006512D8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0065135F
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006513C4
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00651430
                                                                Similarity
                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                • String ID:
                                                                • API String ID: 2550207440-0
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 0066396B
                                                                • CharUpperBuffW.USER32(?,?), ref: 00663A7A
                                                                • _wcslen.LIBCMT ref: 00663A8A
                                                                • VariantClear.OLEAUT32(?), ref: 00663C1F
                                                                  • Part of subcall function 00650CDF: VariantInit.OLEAUT32(00000000), ref: 00650D1F
                                                                  • Part of subcall function 00650CDF: VariantCopy.OLEAUT32(?,?), ref: 00650D28
                                                                  • Part of subcall function 00650CDF: VariantClear.OLEAUT32(?), ref: 00650D34
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                • API String ID: 4137639002-1221869570
                                                                APIs
                                                                  • Part of subcall function 0064000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?,?,0064035E), ref: 0064002B
                                                                  • Part of subcall function 0064000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?), ref: 00640046
                                                                  • Part of subcall function 0064000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?), ref: 00640054
                                                                  • Part of subcall function 0064000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?), ref: 00640064
                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00664C51
                                                                • _wcslen.LIBCMT ref: 00664D59
                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00664DCF
                                                                • CoTaskMemFree.OLE32(?), ref: 00664DDA
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                • String ID: NULL Pointer assignment
                                                                • API String ID: 614568839-2785691316
                                                                APIs
                                                                • GetMenu.USER32(?), ref: 00672183
                                                                • GetMenuItemCount.USER32(00000000), ref: 006721B5
                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 006721DD
                                                                • _wcslen.LIBCMT ref: 00672213
                                                                • GetMenuItemID.USER32(?,?), ref: 0067224D
                                                                • GetSubMenu.USER32(?,?), ref: 0067225B
                                                                  • Part of subcall function 00643A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00643A57
                                                                  • Part of subcall function 00643A3D: GetCurrentThreadId.KERNEL32 ref: 00643A5E
                                                                  • Part of subcall function 00643A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006425B3), ref: 00643A65
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006722E3
                                                                  • Part of subcall function 0064E97B: Sleep.KERNEL32 ref: 0064E9F3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                • String ID:
                                                                • API String ID: 4196846111-0
                                                                • Opcode ID: ff1c66aa3d07eb91dac233e508a28f360e9463be96a54ac455bfefd20f99fc85
                                                                • Instruction ID: 0f35a134719124490a2891cb6bde6fb3e2f1db033d4a10f8c4d55c5474fe71c6
                                                                • Opcode Fuzzy Hash: ff1c66aa3d07eb91dac233e508a28f360e9463be96a54ac455bfefd20f99fc85
                                                                • Instruction Fuzzy Hash: A8718375E00206AFCB14DF65C855AAEBBF6FF88310F148459E96AEB341D734EE418B90
                                                                APIs
                                                                • IsWindow.USER32(014C7C00), ref: 00677F37
                                                                • IsWindowEnabled.USER32(014C7C00), ref: 00677F43
                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0067801E
                                                                • SendMessageW.USER32(014C7C00,000000B0,?,?), ref: 00678051
                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00678089
                                                                • GetWindowLongW.USER32(014C7C00,000000EC), ref: 006780AB
                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 006780C3
                                                                Similarity
                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                • String ID:
                                                                • API String ID: 4072528602-0
                                                                • Opcode ID: d0c51dadda0b491d7f66c9ae841f47455675fa83933e104cd3b0d74dab729ada
                                                                • Instruction ID: 8776ddb04095188e5648f1d9d8ceccda956b1c98053b74f9fa306cb94a6ff6ab
                                                                • Opcode Fuzzy Hash: d0c51dadda0b491d7f66c9ae841f47455675fa83933e104cd3b0d74dab729ada
                                                                • Instruction Fuzzy Hash: 59719E74608244AFEB25DF64C994FEABBB7EF09300F148459E94997361CB35AC85CB20
                                                                APIs
                                                                • GetParent.USER32(?), ref: 0064AEF9
                                                                • GetKeyboardState.USER32(?), ref: 0064AF0E
                                                                • SetKeyboardState.USER32(?), ref: 0064AF6F
                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 0064AF9D
                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 0064AFBC
                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 0064AFFD
                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0064B020
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: b7c034c7107941e28fd0234d2180df54f598156f6aa080bbe306b5efcf09deb7
                                                                • Instruction ID: cd1e3edad2754439fc722ec1824e8e785bc10c667a1c3a237c74adc6308bf162
                                                                • Opcode Fuzzy Hash: b7c034c7107941e28fd0234d2180df54f598156f6aa080bbe306b5efcf09deb7
                                                                • Instruction Fuzzy Hash: 9751EEA0A543D13DFB368274C845BFBBEAA5B06704F08948DE1E9859C2C3D8EDC8D761
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 0064AD19
                                                                • GetKeyboardState.USER32(?), ref: 0064AD2E
                                                                • SetKeyboardState.USER32(?), ref: 0064AD8F
                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0064ADBB
                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0064ADD8
                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0064AE17
                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0064AE38
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: da9dfb8c0685fc3e04f1255d1fa66f68b29a893cae6fd5fe3c779885aa602ab5
                                                                • Instruction ID: 07b43df69c4daeb097a2af844f5cea5ffcc690e6f926761e41cadcb0a10bd32a
                                                                • Opcode Fuzzy Hash: da9dfb8c0685fc3e04f1255d1fa66f68b29a893cae6fd5fe3c779885aa602ab5
                                                                • Instruction Fuzzy Hash: C351E6B19887D53DFB3683B4CC95BFA7EAA5F46300F08858CE1E5469C2C294ED84E752
                                                                APIs
                                                                • GetConsoleCP.KERNEL32(00623CD6,?,?,?,?,?,?,?,?,00615BA3,?,?,00623CD6,?,?), ref: 00615470
                                                                • __fassign.LIBCMT ref: 006154EB
                                                                • __fassign.LIBCMT ref: 00615506
                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00623CD6,00000005,00000000,00000000), ref: 0061552C
                                                                • WriteFile.KERNEL32(?,00623CD6,00000000,00615BA3,00000000,?,?,?,?,?,?,?,?,?,00615BA3,?), ref: 0061554B
                                                                • WriteFile.KERNEL32(?,?,00000001,00615BA3,00000000,?,?,?,?,?,?,?,?,?,00615BA3,?), ref: 00615584
                                                                Similarity
                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                • String ID:
                                                                • API String ID: 1324828854-0
                                                                • Opcode ID: 29e308062944911559d36950980581caef22c12d5dbe62a4162b38e16d4cb9e7
                                                                • Instruction ID: 0c24f0aa6f6403ef77ecc1234cdcd1e888cf7bca6f4cc36a58f7a6ea03a1fc2b
                                                                • Opcode Fuzzy Hash: 29e308062944911559d36950980581caef22c12d5dbe62a4162b38e16d4cb9e7
                                                                • Instruction Fuzzy Hash: C851B570A00649DFDB10CFA8D845AEEFBFBEF49310F18415AE556E7291D7309A81CB60
                                                                APIs
                                                                  • Part of subcall function 0066304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0066307A
                                                                  • Part of subcall function 0066304E: _wcslen.LIBCMT ref: 0066309B
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00661112
                                                                • WSAGetLastError.WSOCK32 ref: 00661121
                                                                • WSAGetLastError.WSOCK32 ref: 006611C9
                                                                • closesocket.WSOCK32(00000000), ref: 006611F9
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 2675159561-0
                                                                • Opcode ID: c3ae39619773eadf68157e971b254672e59fb9c2bbdd4ee1ddfc0d9166e4146b
                                                                • Instruction ID: 2b34f2ba293abdb76f31432312d3f21edae4febe4dda49a152668cae347c8a4f
                                                                • Opcode Fuzzy Hash: c3ae39619773eadf68157e971b254672e59fb9c2bbdd4ee1ddfc0d9166e4146b
                                                                • Instruction Fuzzy Hash: A741C331600214AFDB149F14C845BA9BBEAFF86324F188059F9599F391C774ED81CBA1
                                                                APIs
                                                                  • Part of subcall function 0064DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0064CF22,?), ref: 0064DDFD
                                                                  • Part of subcall function 0064DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0064CF22,?), ref: 0064DE16
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0064CF45
                                                                • MoveFileW.KERNEL32(?,?), ref: 0064CF7F
                                                                • _wcslen.LIBCMT ref: 0064D005
                                                                • _wcslen.LIBCMT ref: 0064D01B
                                                                • SHFileOperationW.SHELL32(?), ref: 0064D061
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                • String ID: \*.*
                                                                • API String ID: 3164238972-1173974218
                                                                • Opcode ID: df902411d178f2ebcf54196c99447c43aea6aa7a693ea5951f04b7c374ba804c
                                                                • Instruction ID: e95a028ac4084a6ba5ba1deb456d3d5169f04d28a4d4f9a90744fbebffdb6d8a
                                                                • Opcode Fuzzy Hash: df902411d178f2ebcf54196c99447c43aea6aa7a693ea5951f04b7c374ba804c
                                                                • Instruction Fuzzy Hash: D3417871D451189FDF56EFA4C981ADEB7BAAF44340F0000EAE505EB241EB35A788CB54
                                                                APIs
                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00672E1C
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00672E4F
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00672E84
                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00672EB6
                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00672EE0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00672EF1
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00672F0B
                                                                Similarity
                                                                • API ID: LongWindow$MessageSend
                                                                • String ID:
                                                                • API String ID: 2178440468-0
                                                                • Opcode ID: 2f3cdc491783693048339204320780b8d2cf63bc09eccfb4a5cb4db26e11f652
                                                                • Instruction ID: 2ad7c7387f627a830187f5ebe54a61839a7e37e9869e0100a5e42115568cef0f
                                                                • Opcode Fuzzy Hash: 2f3cdc491783693048339204320780b8d2cf63bc09eccfb4a5cb4db26e11f652
                                                                • Instruction Fuzzy Hash: 22310630644152AFEB21DF58DCE4FA537E2FB4A720F155168FA489F2B1CB71A880DB41
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00647769
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0064778F
                                                                • SysAllocString.OLEAUT32(00000000), ref: 00647792
                                                                • SysAllocString.OLEAUT32(?), ref: 006477B0
                                                                • SysFreeString.OLEAUT32(?), ref: 006477B9
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 006477DE
                                                                • SysAllocString.OLEAUT32(?), ref: 006477EC
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: e14e2c8373ff41c1e1f42c6c238b553a079a42dc86dc18c1df864d1058c64ef3
                                                                • Instruction ID: a8ee1178fd169518026fb999453b50154e0ffa5849d7f1f5fc81abab3c7e4343
                                                                • Opcode Fuzzy Hash: e14e2c8373ff41c1e1f42c6c238b553a079a42dc86dc18c1df864d1058c64ef3
                                                                • Instruction Fuzzy Hash: 69219276604219AFDB10DFA8CC88CFB77EEEB097647448029FA15DB251D770DC8587A0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00647842
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00647868
                                                                • SysAllocString.OLEAUT32(00000000), ref: 0064786B
                                                                • SysAllocString.OLEAUT32 ref: 0064788C
                                                                • SysFreeString.OLEAUT32 ref: 00647895
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 006478AF
                                                                • SysAllocString.OLEAUT32(?), ref: 006478BD
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: 2b06496132a48e739b7a326bb62897df1eee48d47f39d5cf8f0622e9865fbabd
                                                                • Instruction ID: 4214ad62b181740cfcc8eb4e5b926bb7938473ca13571a6131d90912e2751ae5
                                                                • Opcode Fuzzy Hash: 2b06496132a48e739b7a326bb62897df1eee48d47f39d5cf8f0622e9865fbabd
                                                                • Instruction Fuzzy Hash: 9D217131608204AFDB14AFA8DC8CDBA77EDEB097607108135FA15DB2A5E774DC81CB64
                                                                APIs
                                                                • GetStdHandle.KERNEL32(0000000C), ref: 006504F2
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0065052E
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 006505C6
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00650601
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                APIs
                                                                  • Part of subcall function 005E600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 005E604C
                                                                  • Part of subcall function 005E600E: GetStockObject.GDI32(00000011), ref: 005E6060
                                                                  • Part of subcall function 005E600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 005E606A
                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00674112
                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0067411F
                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0067412A
                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00674139
                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00674145
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                • String ID: Msctls_Progress32
                                                                APIs
                                                                  • Part of subcall function 0061D7A3: _free.LIBCMT ref: 0061D7CC
                                                                • _free.LIBCMT ref: 0061D82D
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 0061D838
                                                                • _free.LIBCMT ref: 0061D843
                                                                • _free.LIBCMT ref: 0061D897
                                                                • _free.LIBCMT ref: 0061D8A2
                                                                • _free.LIBCMT ref: 0061D8AD
                                                                • _free.LIBCMT ref: 0061D8B8
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0064DA74
                                                                • LoadStringW.USER32(00000000), ref: 0064DA7B
                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0064DA91
                                                                • LoadStringW.USER32(00000000), ref: 0064DA98
                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0064DADC
                                                                Strings
                                                                • %s (%d) : ==> %s: %s %s, xrefs: 0064DAB9
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message
                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(014C0AB0,014C0AB0), ref: 0065097B
                                                                • EnterCriticalSection.KERNEL32(014C0A90,00000000), ref: 0065098D
                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 0065099B
                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 006509A9
                                                                • CloseHandle.KERNEL32(?), ref: 006509B8
                                                                • InterlockedExchange.KERNEL32(014C0AB0,000001F6), ref: 006509C8
                                                                • LeaveCriticalSection.KERNEL32(014C0A90), ref: 006509CF
                                                                Similarity
                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                • String ID:
                                                                APIs
                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00661DC0
                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00661DE1
                                                                • WSAGetLastError.WSOCK32 ref: 00661DF2
                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00661EDB
                                                                • inet_ntoa.WSOCK32(?), ref: 00661E8C
                                                                  • Part of subcall function 006439E8: _strlen.LIBCMT ref: 006439F2
                                                                  • Part of subcall function 00663224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0065EC0C), ref: 00663240
                                                                • _strlen.LIBCMT ref: 00661F35
                                                                Similarity
                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                • String ID:
                                                                APIs
                                                                • GetClientRect.USER32(?,?), ref: 005E5D30
                                                                • GetWindowRect.USER32(?,?), ref: 005E5D71
                                                                • ScreenToClient.USER32(?,?), ref: 005E5D99
                                                                • GetClientRect.USER32(?,?), ref: 005E5ED7
                                                                • GetWindowRect.USER32(?,?), ref: 005E5EF8
                                                                Similarity
                                                                • API ID: Rect$Client$Window$Screen
                                                                • String ID:
                                                                APIs
                                                                • __allrem.LIBCMT ref: 006100BA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006100D6
                                                                • __allrem.LIBCMT ref: 006100ED
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0061010B
                                                                • __allrem.LIBCMT ref: 00610122
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00610140
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006082D9,006082D9,?,?,?,0061644F,00000001,00000001,8BE85006), ref: 00616258
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0061644F,00000001,00000001,8BE85006,?,?,?), ref: 006162DE
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006163D8
                                                                • __freea.LIBCMT ref: 006163E5
                                                                  • Part of subcall function 00613820: RtlAllocateHeap.NTDLL(00000000,?,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6,?,005E1129), ref: 00613852
                                                                • __freea.LIBCMT ref: 006163EE
                                                                • __freea.LIBCMT ref: 00616413
                                                                Similarity
                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 0066C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0066B6AE,?,?), ref: 0066C9B5
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066C9F1
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA68
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066BCCA
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0066BD25
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066BD6A
                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0066BD99
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0066BDF3
                                                                • RegCloseKey.ADVAPI32(?), ref: 0066BDFF
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                • String ID:
                                                                • API String ID: 1120388591-0
                                                                • Opcode ID: 8cea6fdd6961defa964d9af900053c64066d52822a29d42880a4f012eedfb004
                                                                • Instruction ID: 4f820cec003cf484a1ecb400b09f1aa1c9ca986af081faf609ff578d7bb689d1
                                                                • Opcode Fuzzy Hash: 8cea6fdd6961defa964d9af900053c64066d52822a29d42880a4f012eedfb004
                                                                • Instruction Fuzzy Hash: 3C81B470108241EFD714DF24C885E6ABBE6FF84308F14955CF5998B2A2DB32ED85CB92
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000035), ref: 0063F7B9
                                                                • SysAllocString.OLEAUT32(00000001), ref: 0063F860
                                                                • VariantCopy.OLEAUT32(0063FA64,00000000), ref: 0063F889
                                                                • VariantClear.OLEAUT32(0063FA64), ref: 0063F8AD
                                                                • VariantCopy.OLEAUT32(0063FA64,00000000), ref: 0063F8B1
                                                                • VariantClear.OLEAUT32(?), ref: 0063F8BB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                • String ID:
                                                                • API String ID: 3859894641-0
                                                                • Opcode ID: ecc42479e220e26c99c935040a58785aa3d6b2178a1ceafbad7304082e14c2ab
                                                                • Instruction ID: 0bb02387b43e9e256fefeddca2c028e151cf913468827af54b826cb6c9a71c14
                                                                • Opcode Fuzzy Hash: ecc42479e220e26c99c935040a58785aa3d6b2178a1ceafbad7304082e14c2ab
                                                                • Instruction Fuzzy Hash: 5F51E431E00311BACF24AB65D895B69B7EAEF45310F20946BE906DF2D5EB708C41C7D6
                                                                APIs
                                                                  • Part of subcall function 005E7620: _wcslen.LIBCMT ref: 005E7625
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 006594E5
                                                                • _wcslen.LIBCMT ref: 00659506
                                                                • _wcslen.LIBCMT ref: 0065952D
                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00659585
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$FileName$OpenSave
                                                                • String ID: X
                                                                • API String ID: 83654149-3081909835
                                                                • Opcode ID: f34dac5f9ce93eb3d541f43832fbb87a8cd099eaa15251efc28afa4477057d27
                                                                • Instruction ID: 5c6f7b347b2e06db174343498fc8d4696526d7878319b99d2a6b692a29c00c4d
                                                                • Opcode Fuzzy Hash: f34dac5f9ce93eb3d541f43832fbb87a8cd099eaa15251efc28afa4477057d27
                                                                • Instruction Fuzzy Hash: 36E1A231504341CFD728DF25C885A6ABBE1BFC5314F14896DE9899B3A2EB31DD05CBA1
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • BeginPaint.USER32(?,?,?), ref: 005F9241
                                                                • GetWindowRect.USER32(?,?), ref: 005F92A5
                                                                • ScreenToClient.USER32(?,?), ref: 005F92C2
                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 005F92D3
                                                                • EndPaint.USER32(?,?,?,?,?), ref: 005F9321
                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006371EA
                                                                  • Part of subcall function 005F9339: BeginPath.GDI32(00000000), ref: 005F9357
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                • String ID:
                                                                • API String ID: 3050599898-0
                                                                • Opcode ID: 74782ea4865819e9dfb4c0ef44d400e86d9ae3e89ec8e51680f187d423d8a642
                                                                • Instruction ID: e1c9d197a3c2ae1776eacfdc97a355b4c911ae2c9458e30b12c7d5a513334d3e
                                                                • Opcode Fuzzy Hash: 74782ea4865819e9dfb4c0ef44d400e86d9ae3e89ec8e51680f187d423d8a642
                                                                • Instruction Fuzzy Hash: 2C41B271104605AFD721EF24CC98FBA7FAAFF46320F140629FA548B2E1C7359885DB61
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0065080C
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00650847
                                                                • EnterCriticalSection.KERNEL32(?), ref: 00650863
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 006508DC
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006508F3
                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00650921
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                • String ID:
                                                                • API String ID: 3368777196-0
                                                                • Opcode ID: 63b8be19e662e39082196afef70f927d0a29aad4543ce1304a39c4d08b53dbbf
                                                                • Instruction ID: 0bf23a85fe1a0f961bd547e4676750d330f7b115f417b4a7a0886eccc219cff5
                                                                • Opcode Fuzzy Hash: 63b8be19e662e39082196afef70f927d0a29aad4543ce1304a39c4d08b53dbbf
                                                                • Instruction Fuzzy Hash: E2416B71900206EBEF14AF54DC85AAA777AFF44310F1440A9EE04AF297D730EE64DBA4
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0063F3AB,00000000,?,?,00000000,?,0063682C,00000004,00000000,00000000), ref: 0067824C
                                                                • EnableWindow.USER32(?,00000000), ref: 00678272
                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 006782D1
                                                                • ShowWindow.USER32(?,00000004), ref: 006782E5
                                                                • EnableWindow.USER32(?,00000001), ref: 0067830B
                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0067832F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Show$Enable$MessageSend
                                                                • String ID:
                                                                • API String ID: 642888154-0
                                                                • Opcode ID: 86dfc3a9f048f28103e52bc5f761d60c893500c2aa3d7479888f29acc4d1225d
                                                                • Instruction ID: b5df0a03294b401045642491790f906d8dd0bb6087e85fa53fd03824aa79e96f
                                                                • Opcode Fuzzy Hash: 86dfc3a9f048f28103e52bc5f761d60c893500c2aa3d7479888f29acc4d1225d
                                                                • Instruction Fuzzy Hash: 8841A430641644AFDB25CF54D8ADBE47BE2BB06725F189269E61C4F363CB31AD81CB90
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 00644C95
                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00644CB2
                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00644CEA
                                                                • _wcslen.LIBCMT ref: 00644D08
                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00644D10
                                                                • _wcsstr.LIBVCRUNTIME ref: 00644D1A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                • String ID:
                                                                • API String ID: 72514467-0
                                                                • Opcode ID: 068757399853ec843ad975c21e0c3bc0e2c0bc26d88f1fc7b65ea426d42ccd61
                                                                • Instruction ID: b80eb3aafadcbfcf03c6b8412069aa9cf7709381ea0e721d15054c5334353a08
                                                                • Opcode Fuzzy Hash: 068757399853ec843ad975c21e0c3bc0e2c0bc26d88f1fc7b65ea426d42ccd61
                                                                • Instruction Fuzzy Hash: 702107316042057BEB155B25AC8AF7B7F9EDF45760F10402DF909CA292DE61CC4182A0
                                                                APIs
                                                                  • Part of subcall function 005E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,005E3A97,?,?,005E2E7F,?,?,?,00000000), ref: 005E3AC2
                                                                • _wcslen.LIBCMT ref: 0065587B
                                                                • CoInitialize.OLE32(00000000), ref: 00655995
                                                                • CoCreateInstance.OLE32(0067FCF8,00000000,00000001,0067FB68,?), ref: 006559AE
                                                                • CoUninitialize.OLE32 ref: 006559CC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 3172280962-24824748
                                                                • Opcode ID: 91105919f7030ba41a13bb736c1beb03d14e9a127ba982b1d058628693411aac
                                                                • Instruction ID: ec0d718fc2aadf68faaa88152400d2a7f623ac0197d414521152471c9e1589e7
                                                                • Opcode Fuzzy Hash: 91105919f7030ba41a13bb736c1beb03d14e9a127ba982b1d058628693411aac
                                                                • Instruction Fuzzy Hash: A1D176706087019FC718DF15C4A896ABBE2FF89711F14885DF88A9B361D731EC49CB92
                                                                APIs
                                                                  • Part of subcall function 00640FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00640FCA
                                                                  • Part of subcall function 00640FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00640FD6
                                                                  • Part of subcall function 00640FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00640FE5
                                                                  • Part of subcall function 00640FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00640FEC
                                                                  • Part of subcall function 00640FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00641002
                                                                • GetLengthSid.ADVAPI32(?,00000000,00641335), ref: 006417AE
                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 006417BA
                                                                • HeapAlloc.KERNEL32(00000000), ref: 006417C1
                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 006417DA
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00641335), ref: 006417EE
                                                                • HeapFree.KERNEL32(00000000), ref: 006417F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                • String ID:
                                                                • API String ID: 3008561057-0
                                                                • Opcode ID: b92dd594ae9a1ba438d59ccf8978514a63098afaadc9c7d0125b0dab4e16ce26
                                                                • Instruction ID: 6d1557352882a7c55aa4eac6401eae07793e12cde921912a475a2e8ba9cfb5ee
                                                                • Opcode Fuzzy Hash: b92dd594ae9a1ba438d59ccf8978514a63098afaadc9c7d0125b0dab4e16ce26
                                                                • Instruction Fuzzy Hash: 54118E31510205FFDB149FA4CC49BEE7BBAEB46365F10402CF4459B210D736AA84DB60
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006414FF
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00641506
                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00641515
                                                                • CloseHandle.KERNEL32(00000004), ref: 00641520
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0064154F
                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00641563
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                • String ID:
                                                                • API String ID: 1413079979-0
                                                                • Opcode ID: ce0f748aa17c5162214b7731fbe1e81ba403a243dc79d36e3f659417d09c89ba
                                                                • Instruction ID: 073bbe8ffa600ed861c8fcc3e60ef7205cd431dbb748e6818f9a455b339d6f00
                                                                • Opcode Fuzzy Hash: ce0f748aa17c5162214b7731fbe1e81ba403a243dc79d36e3f659417d09c89ba
                                                                • Instruction Fuzzy Hash: E511597250020DABDF15CFA8DD49FDE7BAAEF49714F044018FA09A6160D3728EA0DB60
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00603379,00602FE5), ref: 00603390
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0060339E
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006033B7
                                                                • SetLastError.KERNEL32(00000000,?,00603379,00602FE5), ref: 00603409
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00615686,00623CD6,?,00000000,?,00615B6A,?,?,?,?,?,0060E6D1,?,006A8A48), ref: 00612D78
                                                                • _free.LIBCMT ref: 00612DAB
                                                                • _free.LIBCMT ref: 00612DD3
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0060E6D1,?,006A8A48,00000010,005E4F4A,?,?,00000000,00623CD6), ref: 00612DE0
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0060E6D1,?,006A8A48,00000010,005E4F4A,?,?,00000000,00623CD6), ref: 00612DEC
                                                                • _abort.LIBCMT ref: 00612DF2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorLast$_free$_abort
                                                                • String ID:
                                                                • API String ID: 3160817290-0
                                                                APIs
                                                                  • Part of subcall function 005F9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 005F9693
                                                                  • Part of subcall function 005F9639: SelectObject.GDI32(?,00000000), ref: 005F96A2
                                                                  • Part of subcall function 005F9639: BeginPath.GDI32(?), ref: 005F96B9
                                                                  • Part of subcall function 005F9639: SelectObject.GDI32(?,00000000), ref: 005F96E2
                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00678A4E
                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00678A62
                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00678A70
                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00678A80
                                                                • EndPath.GDI32(?), ref: 00678A90
                                                                • StrokePath.GDI32(?), ref: 00678AA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                • String ID:
                                                                • API String ID: 43455801-0
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00645218
                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00645229
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00645230
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00645238
                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0064524F
                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00645261
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: CapsDevice$Release
                                                                • String ID:
                                                                • API String ID: 1035833867-0
                                                                APIs
                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 005E1BF4
                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 005E1BFC
                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 005E1C07
                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 005E1C12
                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 005E1C1A
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 005E1C22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Virtual
                                                                • String ID:
                                                                • API String ID: 4278518827-0
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0064EB30
                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0064EB46
                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 0064EB55
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0064EB64
                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0064EB6E
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0064EB75
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 839392675-0
                                                                APIs
                                                                • GetClientRect.USER32(?), ref: 00637452
                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00637469
                                                                • GetWindowDC.USER32(?), ref: 00637475
                                                                • GetPixel.GDI32(00000000,?,?), ref: 00637484
                                                                • ReleaseDC.USER32(?,00000000), ref: 00637496
                                                                • GetSysColor.USER32(00000005), ref: 006374B0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                • String ID:
                                                                • API String ID: 272304278-0
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0064187F
                                                                • UnloadUserProfile.USERENV(?,?), ref: 0064188B
                                                                • CloseHandle.KERNEL32(?), ref: 00641894
                                                                • CloseHandle.KERNEL32(?), ref: 0064189C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 006418A5
                                                                • HeapFree.KERNEL32(00000000), ref: 006418AC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                • String ID:
                                                                • API String ID: 146765662-0
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 005EBEB3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: D%k$D%k$D%k$D%kD%k
                                                                • API String ID: 1385522511-693824438
                                                                APIs
                                                                  • Part of subcall function 00600242: EnterCriticalSection.KERNEL32(006B070C,006B1884,?,?,005F198B,006B2518,?,?,?,005E12F9,00000000), ref: 0060024D
                                                                  • Part of subcall function 00600242: LeaveCriticalSection.KERNEL32(006B070C,?,005F198B,006B2518,?,?,?,005E12F9,00000000), ref: 0060028A
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 006000A3: __onexit.LIBCMT ref: 006000A9
                                                                • __Init_thread_footer.LIBCMT ref: 00667BFB
                                                                  • Part of subcall function 006001F8: EnterCriticalSection.KERNEL32(006B070C,?,?,005F8747,006B2514), ref: 00600202
                                                                  • Part of subcall function 006001F8: LeaveCriticalSection.KERNEL32(006B070C,?,005F8747,006B2514), ref: 00600235
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                • String ID: +Tc$5$G$Variable must be of type 'Object'.
                                                                • API String ID: 535116098-2992906774
                                                                APIs
                                                                  • Part of subcall function 005E7620: _wcslen.LIBCMT ref: 005E7625
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0064C6EE
                                                                • _wcslen.LIBCMT ref: 0064C735
                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0064C79C
                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0064C7CA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                • String ID: 0
                                                                • API String ID: 1227352736-4108050209
                                                                • Opcode ID: 4d19bb5badaa187481a70ac99bd8611b5d9254d08082eb695cf1b9d20c7f12ba
                                                                • Instruction ID: 483b352497fc27106fe9b26d4b5223d7bc8a101af7a470709955889082004a53
                                                                • Opcode Fuzzy Hash: 4d19bb5badaa187481a70ac99bd8611b5d9254d08082eb695cf1b9d20c7f12ba
                                                                • Instruction Fuzzy Hash: DF5104716063019BD7949F28C884BAB7BEAAF85334F040A2DF995D73A1DB70D844CB52
                                                                APIs
                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00647206
                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0064723C
                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0064724D
                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006472CF
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                • String ID: DllGetClassObject
                                                                • API String ID: 753597075-1075368562
                                                                • Opcode ID: 39b3c6ac5d7c04470c7b1965995d815fc24d2ce4a4bee47f9717bce2d1ac5cde
                                                                • Instruction ID: 0ed9790c7d2c172f704b8edeaa947ec7f96c7926b4bb0b36c4aa727c87168d61
                                                                • Opcode Fuzzy Hash: 39b3c6ac5d7c04470c7b1965995d815fc24d2ce4a4bee47f9717bce2d1ac5cde
                                                                • Instruction Fuzzy Hash: 0B414C71A04204EFDB55CF64C884A9B7BAAEF45710F1580ADFD099F20AD7B1DE45CBA0
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00673E35
                                                                • IsMenu.USER32(?), ref: 00673E4A
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00673E92
                                                                • DrawMenuBar.USER32 ref: 00673EA5
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                • String ID: 0
                                                                • API String ID: 3076010158-4108050209
                                                                • Opcode ID: 5fce3f182b463128c111c96bbba0c90d01699575bfec9171b8011180a244236a
                                                                • Instruction ID: f1c6c5072db198271e3b9b46c933af8cc25fc696cfe23875d67f85752f21af40
                                                                • Opcode Fuzzy Hash: 5fce3f182b463128c111c96bbba0c90d01699575bfec9171b8011180a244236a
                                                                • Instruction Fuzzy Hash: 9F415775A01219EFDB14DF50D884AEABBBAFF49360F04812AE909AB350D730AE51DF50
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00641E66
                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00641E79
                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00641EA9
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 2081771294-1403004172
                                                                • Opcode ID: 2fae46408b42a6de81ca6cbfc13ccd5b4de1aa3c046b26f9597db24d2a88c1c8
                                                                • Instruction ID: 7ee8a6008c23e228965b5a1c7d4c227c35d14c7306c583771bb6d01069b8d548
                                                                • Opcode Fuzzy Hash: 2fae46408b42a6de81ca6cbfc13ccd5b4de1aa3c046b26f9597db24d2a88c1c8
                                                                • Instruction Fuzzy Hash: B0212C75900105BEDB18AB65DC89CFF7BBAEF86360B10411DF855A72E1DB344D468620
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00672F8D
                                                                • LoadLibraryW.KERNEL32(?), ref: 00672F94
                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00672FA9
                                                                • DestroyWindow.USER32(?), ref: 00672FB1
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                • String ID: SysAnimate32
                                                                • API String ID: 3529120543-1011021900
                                                                • Opcode ID: 5477791efc4bbeb9305142e2a70da74d5f65bb9e314987557e1cf5f32bbfbc19
                                                                • Instruction ID: 7d05d3faaa175eae39ec956376ddce6df342116b9c3cd3293193403e74c8046f
                                                                • Opcode Fuzzy Hash: 5477791efc4bbeb9305142e2a70da74d5f65bb9e314987557e1cf5f32bbfbc19
                                                                • Instruction Fuzzy Hash: CD21FD7224020AEBEF108F64DCA0EBB37BEEB59764F108218F958D2290D335DC819760
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00604D1E,006128E9,?,00604CBE,006128E9,006A88B8,0000000C,00604E15,006128E9,00000002), ref: 00604D8D
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00604DA0
                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00604D1E,006128E9,?,00604CBE,006128E9,006A88B8,0000000C,00604E15,006128E9,00000002,00000000), ref: 00604DC3
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: 8fc4daa757bad60eb5476f508b53473c93a0d2941a81f750a962385ab4f4745a
                                                                • Instruction ID: 5d2bac5b542e47d72302811542858c339039a5c2bf55d376b3f45022c7b59841
                                                                • Opcode Fuzzy Hash: 8fc4daa757bad60eb5476f508b53473c93a0d2941a81f750a962385ab4f4745a
                                                                • Instruction Fuzzy Hash: E1F04474640208BBEB195F94DC49BDEBFB6EF44761F440168F909A2290CF715984CB91
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,005E4EDD,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E9C
                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 005E4EAE
                                                                • FreeLibrary.KERNEL32(00000000,?,?,005E4EDD,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4EC0
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-3689287502
                                                                • Opcode ID: 1a506350987cc2981246c7f2eeaa6712a81060b2026103dfa84cf60e06c052a0
                                                                • Instruction ID: c73afc908fb1ea47db6649ab1044412aed589abaa85ed36b92e3e2c1706b91e6
                                                                • Opcode Fuzzy Hash: 1a506350987cc2981246c7f2eeaa6712a81060b2026103dfa84cf60e06c052a0
                                                                • Instruction Fuzzy Hash: 72E0CD35E015725BD3351B266C18B5F6A5EBFC1F72B050129FC08D2201DB60CD4589A1
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00623CDE,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E62
                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 005E4E74
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00623CDE,?,006B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 005E4E87
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-1355242751
                                                                • Opcode ID: ff054209f6094ab5b7c0aad0e56c635899db1a535dbce0c12ad410ca5da059d7
                                                                • Instruction ID: 2236bcee8219522351d8e1d4b612c381c0eb45bde7cabe0840966596241eeb75
                                                                • Opcode Fuzzy Hash: ff054209f6094ab5b7c0aad0e56c635899db1a535dbce0c12ad410ca5da059d7
                                                                • Instruction Fuzzy Hash: F1D0C23190267157C72A1B266C08D8F6E1EBF89F3134A0168B808A2110CF20CD41C9D1
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00652C05
                                                                • DeleteFileW.KERNEL32(?), ref: 00652C87
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00652C9D
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00652CAE
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00652CC0
                                                                Similarity
                                                                • API ID: File$Delete$Copy
                                                                • String ID:
                                                                • API String ID: 3226157194-0
                                                                • Opcode ID: ec6c8920c69893d0755b0311ffc4d510999aa114d471f68821c2c1a9672442d2
                                                                • Instruction ID: 83da052ce26a4be776da7faaa9458099bccbcbf8025bba6e4cfe9291fc169ac1
                                                                • Opcode Fuzzy Hash: ec6c8920c69893d0755b0311ffc4d510999aa114d471f68821c2c1a9672442d2
                                                                • Instruction Fuzzy Hash: 9CB1717190011AABDF55DBA4CC99EDF7B7EEF49354F0040AAFA09E6141EB309A488F61
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32 ref: 0066A427
                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0066A435
                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0066A468
                                                                • CloseHandle.KERNEL32(?), ref: 0066A63D
                                                                Similarity
                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                • String ID:
                                                                • API String ID: 3488606520-0
                                                                • Opcode ID: 392ab6d0af14e6c32d704278a4ad94ffb33b55cd6d4688f6b2ed5e5ad24d005c
                                                                • Instruction ID: 4f5aec0a4ac753b4e42201d502efa598227843e89ea49b3b70b886d51b47b076
                                                                • Opcode Fuzzy Hash: 392ab6d0af14e6c32d704278a4ad94ffb33b55cd6d4688f6b2ed5e5ad24d005c
                                                                • Instruction Fuzzy Hash: 45A170716043019FD724DF25C88AB2ABBE6AF84714F14885DF5AA9B3D2D770EC418B92
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00683700), ref: 0061BB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,006B121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0061BC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,006B1270,000000FF,?,0000003F,00000000,?), ref: 0061BC36
                                                                • _free.LIBCMT ref: 0061BB7F
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 0061BD4B
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                APIs
                                                                  • Part of subcall function 0064DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0064CF22,?), ref: 0064DDFD
                                                                  • Part of subcall function 0064DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0064CF22,?), ref: 0064DE16
                                                                  • Part of subcall function 0064E199: GetFileAttributesW.KERNEL32(?,0064CF95), ref: 0064E19A
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0064E473
                                                                • MoveFileW.KERNEL32(?,?), ref: 0064E4AC
                                                                • _wcslen.LIBCMT ref: 0064E5EB
                                                                • _wcslen.LIBCMT ref: 0064E603
                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0064E650
                                                                Similarity
                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 0066C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0066B6AE,?,?), ref: 0066C9B5
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066C9F1
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA68
                                                                  • Part of subcall function 0066C998: _wcslen.LIBCMT ref: 0066CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066BAA5
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0066BB00
                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0066BB63
                                                                • RegCloseKey.ADVAPI32(?,?), ref: 0066BBA6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0066BBB3
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00648BCD
                                                                • VariantClear.OLEAUT32 ref: 00648C3E
                                                                • VariantClear.OLEAUT32 ref: 00648C9D
                                                                • VariantClear.OLEAUT32(?), ref: 00648D10
                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00648D3B
                                                                Similarity
                                                                • API ID: Variant$Clear$ChangeInitType
                                                                APIs
                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00658BAE
                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00658BDA
                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00658C32
                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00658C57
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00658C5F
                                                                Similarity
                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00668F40
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00668FD0
                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00668FEC
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00669032
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00669052
                                                                  • Part of subcall function 005FF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00651043,?,7529E610), ref: 005FF6E6
                                                                  • Part of subcall function 005FF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0063FA64,00000000,00000000,?,?,00651043,?,7529E610,?,0063FA64), ref: 005FF70D
                                                                Similarity
                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                APIs
                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00676C33
                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00676C4A
                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00676C73
                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0065AB79,00000000,00000000), ref: 00676C98
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00676CC7
                                                                Similarity
                                                                • API ID: Window$Long$MessageSendShow
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 005F9141
                                                                • ScreenToClient.USER32(00000000,?), ref: 005F915E
                                                                • GetAsyncKeyState.USER32(00000001), ref: 005F9183
                                                                • GetAsyncKeyState.USER32(00000002), ref: 005F919D
                                                                Similarity
                                                                • API ID: AsyncState$ClientCursorScreen
                                                                APIs
                                                                • GetInputState.USER32 ref: 006538CB
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00653922
                                                                • TranslateMessage.USER32(?), ref: 0065394B
                                                                • DispatchMessageW.USER32(?), ref: 00653955
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00653966
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                APIs
                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0065CF38
                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 0065CF6F
                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,0065C21E,00000000), ref: 0065CFB4
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0065C21E,00000000), ref: 0065CFC8
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0065C21E,00000000), ref: 0065CFF2
                                                                Similarity
                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00641915
                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 006419C1
                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 006419C9
                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 006419DA
                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 006419E2
                                                                Similarity
                                                                • API ID: MessagePostSleep$RectWindow
                                                                • String ID:
                                                                • API String ID: 3382505437-0
                                                                • Opcode ID: 6c25f47f27b4a05865179a615d2d1a6d63bf21569b04722e5d984ad5708b530c
                                                                • Instruction ID: e4d95565871577358cd37adb541c27b07a6ebad367f8c25ad04f48fe10538015
                                                                • Opcode Fuzzy Hash: 6c25f47f27b4a05865179a615d2d1a6d63bf21569b04722e5d984ad5708b530c
                                                                • Instruction Fuzzy Hash: BD31B171A00219EFCB04CFA8CD99ADE7BB6FB45325F104229F925AB2D1C7709D94DB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00675745
                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 0067579D
                                                                • _wcslen.LIBCMT ref: 006757AF
                                                                • _wcslen.LIBCMT ref: 006757BA
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00675816
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen
                                                                • String ID:
                                                                • API String ID: 763830540-0
                                                                • Opcode ID: 76ebc7f4f2a8fa591eb7c63fd62bef2fc59101e3255e39206a537e7b77e470de
                                                                • Instruction ID: d8e8b99ed6590f4e788d79215759aa6fea45b4095a4b226064933d540b023a12
                                                                • Opcode Fuzzy Hash: 76ebc7f4f2a8fa591eb7c63fd62bef2fc59101e3255e39206a537e7b77e470de
                                                                • Instruction Fuzzy Hash: 822167719046189ADB249F64CC85AEE77BAFF04724F10C25AE92EDA2C4D7B099C5CF50
                                                                APIs
                                                                • IsWindow.USER32(00000000), ref: 00660951
                                                                • GetForegroundWindow.USER32 ref: 00660968
                                                                • GetDC.USER32(00000000), ref: 006609A4
                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 006609B0
                                                                • ReleaseDC.USER32(00000000,00000003), ref: 006609E8
                                                                Similarity
                                                                • API ID: Window$ForegroundPixelRelease
                                                                • String ID:
                                                                • API String ID: 4156661090-0
                                                                • Opcode ID: 58b51a7cbfca978752a3e661ab04e6902977e619808d5ec42a19b737581aeebb
                                                                • Instruction ID: dc4420bba1ac93e9486faa5fc8a583cfcf0d255f482dec2e8e87923209c055bb
                                                                • Opcode Fuzzy Hash: 58b51a7cbfca978752a3e661ab04e6902977e619808d5ec42a19b737581aeebb
                                                                • Instruction Fuzzy Hash: B1218135600204AFE708EF65D889AAFBBE6FF45711F04847DE84AA7352DB70AD44CB90
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0061CDC6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0061CDE9
                                                                  • Part of subcall function 00613820: RtlAllocateHeap.NTDLL(00000000,?,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6,?,005E1129), ref: 00613852
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0061CE0F
                                                                • _free.LIBCMT ref: 0061CE22
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0061CE31
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                • String ID:
                                                                • API String ID: 336800556-0
                                                                • Opcode ID: 3ab61600c60db97104f80acb34b56745f0bd13e5c53352ab9d1bbd05554db82c
                                                                • Instruction ID: dc71ab20bd146a7632d7dc3be83b423532ae87a226c05b14b2ee4a394dc5ba26
                                                                • Opcode Fuzzy Hash: 3ab61600c60db97104f80acb34b56745f0bd13e5c53352ab9d1bbd05554db82c
                                                                • Instruction Fuzzy Hash: 3C01D4726412167FA32116BA6C88CFF6A6FDFC6BB1319012DF909C7300EA608D8281B0
                                                                APIs
                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 005F9693
                                                                • SelectObject.GDI32(?,00000000), ref: 005F96A2
                                                                • BeginPath.GDI32(?), ref: 005F96B9
                                                                • SelectObject.GDI32(?,00000000), ref: 005F96E2
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: 7fd90318f48531e025c9ece3c199c140a20fe5f2ac1596a0a6a3c79aadca430e
                                                                • Instruction ID: 9e5a7f7bc24168a74a3f7c4341f979f516abf45f640d1a10138989932d40f161
                                                                • Opcode Fuzzy Hash: 7fd90318f48531e025c9ece3c199c140a20fe5f2ac1596a0a6a3c79aadca430e
                                                                • Instruction Fuzzy Hash: 58216DB0802749EBDB11AF64DC287B93FAABB42325F50131AF514AA1A0D37458D1CBD4
                                                                APIs
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: 1fb977fceb44a9096a4d08fd5dc3276827b4064b2f1e125ded22bb16342d2a4d
                                                                • Instruction ID: fc5177129bb8aa594f7fef73b8f4f11cbcffc8bfa0644fba8984edcdd6e712bd
                                                                • Opcode Fuzzy Hash: 1fb977fceb44a9096a4d08fd5dc3276827b4064b2f1e125ded22bb16342d2a4d
                                                                • Instruction Fuzzy Hash: F50156A1681605FBE30C56119E52EFB735FEB61794B008035FD0A9E682FA61ED11C2A5
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,0060F2DE,00613863,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6), ref: 00612DFD
                                                                • _free.LIBCMT ref: 00612E32
                                                                • _free.LIBCMT ref: 00612E59
                                                                • SetLastError.KERNEL32(00000000,005E1129), ref: 00612E66
                                                                • SetLastError.KERNEL32(00000000,005E1129), ref: 00612E6F
                                                                Similarity
                                                                • API ID: ErrorLast$_free
                                                                • String ID:
                                                                • API String ID: 3170660625-0
                                                                • Opcode ID: 48f07f05424f89e982971893a0e53230d98ac20881594926391702495a0fea32
                                                                • Instruction ID: 6a430c22b543959f164affc86518db3a1df96e6debe746aa3346ceaf0ee53c15
                                                                • Opcode Fuzzy Hash: 48f07f05424f89e982971893a0e53230d98ac20881594926391702495a0fea32
                                                                • Instruction Fuzzy Hash: 38012D3224560267C71277396C95DEB155FAFD1775B2D042CF419E23D2EF308CE14120
                                                                APIs
                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?,?,0064035E), ref: 0064002B
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?), ref: 00640046
                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?), ref: 00640054
                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?), ref: 00640064
                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0063FF41,80070057,?,?), ref: 00640070
                                                                Similarity
                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                • String ID:
                                                                • API String ID: 3897988419-0
                                                                • Opcode ID: d061455623b70225c7292aaf39b310feb064beb5069c623b52faabaaaabdd8ed
                                                                • Instruction ID: f98b46af90432d75a27ec2f3195b35652ccab5d75e4c86ce6f195d3928a9be66
                                                                • Opcode Fuzzy Hash: d061455623b70225c7292aaf39b310feb064beb5069c623b52faabaaaabdd8ed
                                                                • Instruction Fuzzy Hash: 78018F72600224BFEB205F68DC04BAA7EAFEB44B61F145128FE09D2210D771DE808BA0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0064E997
                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 0064E9A5
                                                                • Sleep.KERNEL32(00000000), ref: 0064E9AD
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0064E9B7
                                                                • Sleep.KERNEL32 ref: 0064E9F3
                                                                Similarity
                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                • String ID:
                                                                • API String ID: 2833360925-0
                                                                • Opcode ID: 11dbdbd64a7c606c2c6050ec86845013487e7d26020a2057fb6ed9f0ad91b8fb
                                                                • Instruction ID: d356280e786c969adce460feb5632b4cc9f0117bdab96b8232d4875f6fd90acc
                                                                • Opcode Fuzzy Hash: 11dbdbd64a7c606c2c6050ec86845013487e7d26020a2057fb6ed9f0ad91b8fb
                                                                • Instruction Fuzzy Hash: 6B018C31C0162DDBCF04AFE4DC59AEDBB7AFF09320F40055AE502B2281CB359691CBA1
                                                                APIs
                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00641114
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641120
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 0064112F
                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00640B9B,?,?,?), ref: 00641136
                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0064114D
                                                                Similarity
                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 842720411-0
                                                                • Opcode ID: c2b80f382bbbc360d8839cc550bb215760239b4bfe28b2ffad36ac8869230c89
                                                                • Instruction ID: bfcc7d81344c3efc4ab4437181860eb0f3dc43a9274005e34bd17d13f8603163
                                                                • Opcode Fuzzy Hash: c2b80f382bbbc360d8839cc550bb215760239b4bfe28b2ffad36ac8869230c89
                                                                • Instruction Fuzzy Hash: 94013175100205BFDB154F65DC49EAA3F6FEF86371B104429FA45D7350DB31DC809A60
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00640FCA
                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00640FD6
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00640FE5
                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00640FEC
                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00641002
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                • Opcode ID: a7847d8ff4e9f0bd7fb37407b11358e78e4d426adbef964cd4fbf011be2b9803
                                                                • Instruction ID: 4fccbca3123566001e9d8d9a2b3b1a91d9f654b95c3b741a59488730d2abbc85
                                                                • Opcode Fuzzy Hash: a7847d8ff4e9f0bd7fb37407b11358e78e4d426adbef964cd4fbf011be2b9803
                                                                • Instruction Fuzzy Hash: 74F04F35100301ABD7254FA4EC49F963FAEEF8A761F504428F949DA251DA71DCC08A60
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0064102A
                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00641036
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00641045
                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0064104C
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00641062
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                • Opcode ID: 0bdfba85e2e16b1aa98dcfaba56dcb1974f4b62f66e76e8c598fc073933be093
                                                                • Instruction ID: f9488ac9eb98d2765ce77d699d192b3b32b7da0b600784fbf2fddbd5b24a988d
                                                                • Opcode Fuzzy Hash: 0bdfba85e2e16b1aa98dcfaba56dcb1974f4b62f66e76e8c598fc073933be093
                                                                • Instruction Fuzzy Hash: 10F06D35200305EBDB255FA4EC49F963BAFEF8AB71F101428FA49DB250DE71D8D08A60
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 00650324
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 00650331
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 0065033E
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 0065034B
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 00650358
                                                                • CloseHandle.KERNEL32(?,?,?,?,0065017D,?,006532FC,?,00000001,00622592,?), ref: 00650365
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: a85f4adefcce60ada08e231b16cec1da11f837d6756f079ca628601d4429ab76
                                                                • Instruction ID: 30bf0dcc1917712a6aefec3f9bca9cd342915f64024d0af9887a7c92c9dc5731
                                                                • Opcode Fuzzy Hash: a85f4adefcce60ada08e231b16cec1da11f837d6756f079ca628601d4429ab76
                                                                • Instruction Fuzzy Hash: 2501A276800B169FD7309F66D880452F7F6BF503163158A3FD19652A31C371A958CF80
                                                                APIs
                                                                • _free.LIBCMT ref: 0061D752
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 0061D764
                                                                • _free.LIBCMT ref: 0061D776
                                                                • _free.LIBCMT ref: 0061D788
                                                                • _free.LIBCMT ref: 0061D79A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: 9729a9f2500d616f505115430d8876399883b52d32e7708b1b907bbf0a2fe1e5
                                                                • Instruction ID: adad8c2635a70d0a92a45ca9f29ce0284791dd33584cd18e18d7e16ac25834c9
                                                                • Opcode Fuzzy Hash: 9729a9f2500d616f505115430d8876399883b52d32e7708b1b907bbf0a2fe1e5
                                                                • Instruction Fuzzy Hash: 06F03C32500205ABC661FB69F9C5CDA7BDFBB05B20B9C1C09F048DB651CB24FCD08AA4
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00645C58
                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00645C6F
                                                                • MessageBeep.USER32(00000000), ref: 00645C87
                                                                • KillTimer.USER32(?,0000040A), ref: 00645CA3
                                                                • EndDialog.USER32(?,00000001), ref: 00645CBD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                • String ID:
                                                                • API String ID: 3741023627-0
                                                                • Opcode ID: 48349c30e8d493dd2ca5a54ba5f7b069acb33cedded56d12c44e7544bcdd31ed
                                                                • Instruction ID: 0c17b2506d09a431c94ccab16d965e4dfb5d20a5975a2668ec2bcaf5babf2635
                                                                • Opcode Fuzzy Hash: 48349c30e8d493dd2ca5a54ba5f7b069acb33cedded56d12c44e7544bcdd31ed
                                                                • Instruction Fuzzy Hash: 54018130500B04ABEB395B14DDCEFE67BBABB00B46F00155DA587A10E2DBF0A9848B91
                                                                APIs
                                                                • _free.LIBCMT ref: 006122BE
                                                                  • Part of subcall function 006129C8: HeapFree.KERNEL32(00000000,00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000), ref: 006129DE
                                                                  • Part of subcall function 006129C8: GetLastError.KERNEL32(00000000,?,0061D7D1,00000000,00000000,00000000,00000000,?,0061D7F8,00000000,00000007,00000000,?,0061DBF5,00000000,00000000), ref: 006129F0
                                                                • _free.LIBCMT ref: 006122D0
                                                                • _free.LIBCMT ref: 006122E3
                                                                • _free.LIBCMT ref: 006122F4
                                                                • _free.LIBCMT ref: 00612305
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: e8a7a8861ac1d59360451c64e79e3a30926d2fa164d5712d762ec77f28557b9a
                                                                • Instruction ID: 69cef3b42b0d394e1cd917ced82abd64687e9fa082d605e373a78ae342453e60
                                                                • Opcode Fuzzy Hash: e8a7a8861ac1d59360451c64e79e3a30926d2fa164d5712d762ec77f28557b9a
                                                                • Instruction Fuzzy Hash: CCF01DB19101119BC752BF69AC218993F6BF71AB707482A0AF410DB371C7345AF19EA8
                                                                APIs
                                                                • EndPath.GDI32(?), ref: 005F95D4
                                                                • StrokeAndFillPath.GDI32(?,?,006371F7,00000000,?,?,?), ref: 005F95F0
                                                                • SelectObject.GDI32(?,00000000), ref: 005F9603
                                                                • DeleteObject.GDI32 ref: 005F9616
                                                                • StrokePath.GDI32(?), ref: 005F9631
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                • String ID:
                                                                • API String ID: 2625713937-0
                                                                • Opcode ID: d7fec6c97eeb9f84a79f1a6a5536866bf5824c6d1ba7e36b36750a11ad84327f
                                                                • Instruction ID: aaee91fd8c1c87a909e68d402b27e29c36821f37fd4ef469be8b6561a68ef07d
                                                                • Opcode Fuzzy Hash: d7fec6c97eeb9f84a79f1a6a5536866bf5824c6d1ba7e36b36750a11ad84327f
                                                                • Instruction Fuzzy Hash: 64F0197000564CEBDB266F65ED287A43F66BB02336F54A318F529990F0C73589D1DFA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: __freea$_free
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3432400110-3206640213
                                                                • Opcode ID: 467747d2646d859a7f9d46eed417ec5e12e14de2786f6ea82647c60fa0f3fb07
                                                                • Instruction ID: 7dfb9cad61234bfd9ddf9954ac4b091454214d8ee74a653550003ae0e66e519e
                                                                • Opcode Fuzzy Hash: 467747d2646d859a7f9d46eed417ec5e12e14de2786f6ea82647c60fa0f3fb07
                                                                • Instruction Fuzzy Hash: 90D1CE31900206DADB289F68C856AFAB7B3EF07300F2C415AEB219F754D6759EC1CB95
                                                                APIs
                                                                  • Part of subcall function 00600242: EnterCriticalSection.KERNEL32(006B070C,006B1884,?,?,005F198B,006B2518,?,?,?,005E12F9,00000000), ref: 0060024D
                                                                  • Part of subcall function 00600242: LeaveCriticalSection.KERNEL32(006B070C,?,005F198B,006B2518,?,?,?,005E12F9,00000000), ref: 0060028A
                                                                  • Part of subcall function 006000A3: __onexit.LIBCMT ref: 006000A9
                                                                • __Init_thread_footer.LIBCMT ref: 00666238
                                                                  • Part of subcall function 006001F8: EnterCriticalSection.KERNEL32(006B070C,?,?,005F8747,006B2514), ref: 00600202
                                                                  • Part of subcall function 006001F8: LeaveCriticalSection.KERNEL32(006B070C,?,005F8747,006B2514), ref: 00600235
                                                                  • Part of subcall function 0065359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006535E4
                                                                  • Part of subcall function 0065359C: LoadStringW.USER32(006B2390,?,00000FFF,?), ref: 0065360A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                • String ID: x#k$x#k$x#k
                                                                • API String ID: 1072379062-2300618980
                                                                • Opcode ID: d383955bac261b717ae8ace077b6ebfb419e32f3813fa5ab5aade84f4c626841
                                                                • Instruction ID: ca09311702f9bbbd4be047ee805ada3e3506914ea79ef251ded06fbad67b5322
                                                                • Opcode Fuzzy Hash: d383955bac261b717ae8ace077b6ebfb419e32f3813fa5ab5aade84f4c626841
                                                                • Instruction Fuzzy Hash: 8BC14E71A0010AABDB14DF58D895EBEBBBAFF48300F148069F955AB391DB70ED45CB90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: JO^
                                                                • API String ID: 0-2038365757
                                                                • Opcode ID: 2e31778bce15687bd41f082879d7c053cee31debbfd5307ffe4a2f450957c24f
                                                                • Instruction ID: dd11430e445cbace75fc3e23e3ff87ae1b8c5fc2c4cbd69209f81aa8048198dc
                                                                • Opcode Fuzzy Hash: 2e31778bce15687bd41f082879d7c053cee31debbfd5307ffe4a2f450957c24f
                                                                • Instruction Fuzzy Hash: 3B51B171D04609DFDB249FA4C845FEFFBBAAF85310F18005DF406A72A1D7719A828BA5
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00618B6E
                                                                • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00618B7A
                                                                • __dosmaperr.LIBCMT ref: 00618B81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                • String ID: .`
                                                                • API String ID: 2434981716-3826532246
                                                                • Opcode ID: 3d50129f5baa54fed2b6f625302554e0af4bf9c9ef2a805d53ab2fa491c7b882
                                                                • Instruction ID: c430f020dcb7cb5767fc4c217096c82dc98253f07d50c60f9228580de2107ec3
                                                                • Opcode Fuzzy Hash: 3d50129f5baa54fed2b6f625302554e0af4bf9c9ef2a805d53ab2fa491c7b882
                                                                • Instruction Fuzzy Hash: 1D415BB0608145AFDB249F64CC90AFA7FA7DF86314B2C81A9F88587652DE318D839794
                                                                APIs
                                                                  • Part of subcall function 0064B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006421D0,?,?,00000034,00000800,?,00000034), ref: 0064B42D
                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00642760
                                                                  • Part of subcall function 0064B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006421FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0064B3F8
                                                                  • Part of subcall function 0064B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0064B355
                                                                  • Part of subcall function 0064B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00642194,00000034,?,?,00001004,00000000,00000000), ref: 0064B365
                                                                  • Part of subcall function 0064B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00642194,00000034,?,?,00001004,00000000,00000000), ref: 0064B37B
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006427CD
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0064281A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                • String ID: @
                                                                • API String ID: 4150878124-2766056989
                                                                • Opcode ID: e78ab0bcd6bb4f77c80f46716e88b703592ce9ee32e34946d9c5b7212ef9f9bf
                                                                • Instruction ID: d9d95cd931d8f142ce89bd52a5131212327b4ec47a29b6c3fb3a3782db96cf91
                                                                • Opcode Fuzzy Hash: e78ab0bcd6bb4f77c80f46716e88b703592ce9ee32e34946d9c5b7212ef9f9bf
                                                                • Instruction Fuzzy Hash: 01416072900219BFDB10DFA4CC95ADEBBB9EF05300F105099FA45B7181DB70AE85CBA0
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00611769
                                                                • _free.LIBCMT ref: 00611834
                                                                • _free.LIBCMT ref: 0061183E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: _free$FileModuleName
                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                • API String ID: 2506810119-517116171
                                                                • Opcode ID: 61baab82a15f6e6f960228eedea70def25698cc1e667dd2dcc95bdaf0d14fbfc
                                                                • Instruction ID: 7af98c47817335dabc068cf1c669ceaad8cceddd010a6c8028dac2de052c4eec
                                                                • Opcode Fuzzy Hash: 61baab82a15f6e6f960228eedea70def25698cc1e667dd2dcc95bdaf0d14fbfc
                                                                • Instruction Fuzzy Hash: EB318071A00218BFDB61DF999881DDEBBFEEB86310B58416AF504DB351D6708EC1CB94
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0064C306
                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 0064C34C
                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,006B1990,014C7C28), ref: 0064C395
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Menu$Delete$InfoItem
                                                                • String ID: 0
                                                                • API String ID: 135850232-4108050209
                                                                • Opcode ID: 6b33575362f321bc715e7fababb731cbf5ae80fcd655691a721e98cb4f6e3e4a
                                                                • Instruction ID: ad5a3a39889be6d09ed182753f50f9eb5dba18cf7830f95116af7a933ad59171
                                                                • Opcode Fuzzy Hash: 6b33575362f321bc715e7fababb731cbf5ae80fcd655691a721e98cb4f6e3e4a
                                                                • Instruction Fuzzy Hash: 1741DF322063029FD765DF25D884F5ABBEAAF85320F008A1DF9A5973D1D730E904CB66
                                                                APIs
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0067CC08,00000000,?,?,?,?), ref: 006744AA
                                                                • GetWindowLongW.USER32 ref: 006744C7
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006744D7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID: SysTreeView32
                                                                • API String ID: 847901565-1698111956
                                                                • Opcode ID: 9e1eb395ed40798869e2491e67e9498fe2fad138fef7ba8f5040875325359982
                                                                • Instruction ID: f9c0c6cb5e959f05ca5d2bd5264cbc943b7c1efa49135bd4ea5a70a1ece59376
                                                                • Opcode Fuzzy Hash: 9e1eb395ed40798869e2491e67e9498fe2fad138fef7ba8f5040875325359982
                                                                • Instruction Fuzzy Hash: 6F31B271210605AFDF148E38DC49BEA7BAAEB48334F208715F979922D0DB74EC909750
                                                                APIs
                                                                • SysReAllocString.OLEAUT32(?,?), ref: 00646EED
                                                                • VariantCopyInd.OLEAUT32(?,?), ref: 00646F08
                                                                • VariantClear.OLEAUT32(?), ref: 00646F12
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: Variant$AllocClearCopyString
                                                                • String ID: *jd
                                                                • API String ID: 2173805711-525745224
                                                                • Opcode ID: beb2d3e14603117d2481f8107943a5479f7c456e19cd498b771088325e0ede0c
                                                                • Instruction ID: ce18807a10acd3f8271dba1d45f98458e60e19b21a0be7093dac7b2ca525f191
                                                                • Opcode Fuzzy Hash: beb2d3e14603117d2481f8107943a5479f7c456e19cd498b771088325e0ede0c
                                                                • Instruction Fuzzy Hash: 1231B371604246DFCB08AF66E8959BE3BB7FF86300F100499F9824B2B1C7349916DBD2
                                                                APIs
                                                                  • Part of subcall function 0066335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00663077,?,?), ref: 00663378
                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0066307A
                                                                • _wcslen.LIBCMT ref: 0066309B
                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00663106
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                • String ID: 255.255.255.255
                                                                • API String ID: 946324512-2422070025
                                                                • Opcode ID: d63c04404ebe8cfdb0542c2e491aeb6b1f2336ff37224fa90b216db1411dff6a
                                                                • Instruction ID: 23fb94b657c78c34c1a424e2fd65bf24387aab440371d5464452f8eb8e8920fc
                                                                • Opcode Fuzzy Hash: d63c04404ebe8cfdb0542c2e491aeb6b1f2336ff37224fa90b216db1411dff6a
                                                                • Instruction Fuzzy Hash: 9331E4356042519FCB24CF28C585EAABBE2EF55318F248059E9158F392DB32EF85CB61
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00673F40
                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00673F54
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00673F78
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$Window
                                                                • String ID: SysMonthCal32
                                                                • API String ID: 2326795674-1439706946
                                                                • Opcode ID: b043e4069ec8a2d97ebf400b75862b25e8da4b88ec09e2239a10c707c8aee8e2
                                                                • Instruction ID: 247454510c396b3d8d2e816daca26346276a872c35c88485b56073ddf60abf55
                                                                • Opcode Fuzzy Hash: b043e4069ec8a2d97ebf400b75862b25e8da4b88ec09e2239a10c707c8aee8e2
                                                                • Instruction Fuzzy Hash: F721BF32600229BFDF159F50CC46FEA3B76EF48764F114218FA196B2D0D6B5AD909B90
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00674705
                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00674713
                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0067471A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$DestroyWindow
                                                                • String ID: msctls_updown32
                                                                • API String ID: 4014797782-2298589950
                                                                • Opcode ID: c0f0ad259a40b7ce8ad0fee66d736c26a5c8ec45cb552b775e5d6c8b902a6fbf
                                                                • Instruction ID: 59085586528133c79ee86495b108a4769958ef2ba91cfdd4dc48bf10f869b20c
                                                                • Opcode Fuzzy Hash: c0f0ad259a40b7ce8ad0fee66d736c26a5c8ec45cb552b775e5d6c8b902a6fbf
                                                                • Instruction Fuzzy Hash: 32219DB5600209BFEB14DF64DCD5DA737AEEF8A3A4B004149FA049B391DB30EC51CA60
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                • API String ID: 176396367-2734436370
                                                                • Opcode ID: c66fc2da7885d91ad7d097558b38e7f1ae9d740b786f5449ae74db603d7668b8
                                                                • Instruction ID: 8fbd195841f45f705241eb23f3bac66f04ce5e76eced974eea6427cbfdeab10e
                                                                • Opcode Fuzzy Hash: c66fc2da7885d91ad7d097558b38e7f1ae9d740b786f5449ae74db603d7668b8
                                                                • Instruction Fuzzy Hash: B5215B7218411166D335AB25EC06FF773DBEF95320F11842AF98997282EB519D42C2F5
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00673840
                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00673850
                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00673876
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$MoveWindow
                                                                • String ID: Listbox
                                                                • API String ID: 3315199576-2633736733
                                                                • Opcode ID: 020c324ed92966099e2f551c26917350561d47b22e1356428ed00ba8852311a6
                                                                • Instruction ID: 43e1100c3580827ba9c3933a70cae4e0a2752bb563260bbb263032ac6ad27028
                                                                • Opcode Fuzzy Hash: 020c324ed92966099e2f551c26917350561d47b22e1356428ed00ba8852311a6
                                                                • Instruction Fuzzy Hash: 2621B072610228BBEB158F54CC85EEB376FEF89760F108114F9489B290C672DC529BA0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00654A08
                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00654A5C
                                                                • SetErrorMode.KERNEL32(00000000,?,?,0067CC08), ref: 00654AD0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorMode$InformationVolume
                                                                • String ID: %lu
                                                                • API String ID: 2507767853-685833217
                                                                • Opcode ID: 5e57f9d13b880da3dfb2db88ce1fe477a04e41c66f1e86bce146ebe0471c06d7
                                                                • Instruction ID: f2aa75cecc1c36fe34f0fb6792e7e8641126f9101001f5a95f6fd524d7d4b590
                                                                • Opcode Fuzzy Hash: 5e57f9d13b880da3dfb2db88ce1fe477a04e41c66f1e86bce146ebe0471c06d7
                                                                • Instruction Fuzzy Hash: 76318070A00109AFDB14DF54C885EAA7BF9EF48308F1480A9F809DB252DB71ED85CB61
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0067424F
                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00674264
                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00674271
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: msctls_trackbar32
                                                                • API String ID: 3850602802-1010561917
                                                                • Opcode ID: 72c5fd585f12144eca8fe618d9bc35801793b0ab3e76dfa8b67c3a9189addff2
                                                                • Instruction ID: b02f9435c15687c6f684afe26a3f51ba42a22ff56f62da6f84a4b4da102da93e
                                                                • Opcode Fuzzy Hash: 72c5fd585f12144eca8fe618d9bc35801793b0ab3e76dfa8b67c3a9189addff2
                                                                • Instruction Fuzzy Hash: 6211E331240248BEEF209F29CC0AFEB3BAEEF95B64F114518FA59E6190D671DC619B14
                                                                APIs
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                  • Part of subcall function 00642DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00642DC5
                                                                  • Part of subcall function 00642DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00642DD6
                                                                  • Part of subcall function 00642DA7: GetCurrentThreadId.KERNEL32 ref: 00642DDD
                                                                  • Part of subcall function 00642DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00642DE4
                                                                • GetFocus.USER32 ref: 00642F78
                                                                  • Part of subcall function 00642DEE: GetParent.USER32(00000000), ref: 00642DF9
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00642FC3
                                                                • EnumChildWindows.USER32(?,0064303B), ref: 00642FEB
                                                                Strings
                                                                Similarity
                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                • String ID: %s%d
                                                                • API String ID: 1272988791-1110647743
                                                                • Opcode ID: 8a6a179264345e0a51e69b57f60fd73a3252e16ce278305e900c1711ece72c78
                                                                • Instruction ID: 21baf48523a0cadb318061478b2c9f64a7cbd15ac982d1256f7a13f973f276de
                                                                • Opcode Fuzzy Hash: 8a6a179264345e0a51e69b57f60fd73a3252e16ce278305e900c1711ece72c78
                                                                • Instruction Fuzzy Hash: AF11D3716002166BCF55BF708CD9EEE3BABAF94354F148079F9099B292DE309949CB70
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006758C1
                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006758EE
                                                                • DrawMenuBar.USER32(?), ref: 006758FD
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$InfoItem$Draw
                                                                • String ID: 0
                                                                • API String ID: 3227129158-4108050209
                                                                • Opcode ID: 2187673772e3c4dd76ce6d62918adf7bda553b10bd7bf91b0eb652a628ef688f
                                                                • Instruction ID: 5965ed9a1c55ea712a6e1334a5ef23368f662a70ee09d7f7bb75ce0c641bfd48
                                                                • Opcode Fuzzy Hash: 2187673772e3c4dd76ce6d62918adf7bda553b10bd7bf91b0eb652a628ef688f
                                                                • Instruction Fuzzy Hash: 4A018E31500209EFDB109F11DC44BAEBBBAFF45360F10C099EA4EDA251DB708A94DF20
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0063D3BF
                                                                • FreeLibrary.KERNEL32 ref: 0063D3E5
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                • API String ID: 3013587201-2590602151
                                                                • Opcode ID: e24ff6de36a6e9e347d0423e1c13ba5f7d102a4d253cb944ec0d709079feb4c2
                                                                • Instruction ID: 959eb47990f04f8f5dc28ab22a1e7bdffc217ded409762cb5f74aeaf68e6373b
                                                                • Opcode Fuzzy Hash: e24ff6de36a6e9e347d0423e1c13ba5f7d102a4d253cb944ec0d709079feb4c2
                                                                • Instruction Fuzzy Hash: E9F0A371C01520D7E37117105C189EE3717AF12711F94802DF905E2204EB30CF8087D2
                                                                APIs
                                                                Similarity
                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                • String ID:
                                                                • API String ID: 1998397398-0
                                                                • Opcode ID: ef9042534c6100b2f33ace6becce3f0ae4437229268b46499f37c7abc426df80
                                                                • Instruction ID: aabf1d184f5d054a21d21d26c6ac58520b7f69a4103156c3daa53c5cde581df9
                                                                • Opcode Fuzzy Hash: ef9042534c6100b2f33ace6becce3f0ae4437229268b46499f37c7abc426df80
                                                                • Instruction Fuzzy Hash: CBA139756047159FC714DF29C489A2ABBE6FF88714F04885DF98A9B362DB30EE01CB91
                                                                APIs
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0067FC08,?), ref: 006405F0
                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0067FC08,?), ref: 00640608
                                                                • CLSIDFromProgID.OLE32(?,?,00000000,0067CC40,000000FF,?,00000000,00000800,00000000,?,0067FC08,?), ref: 0064062D
                                                                • _memcmp.LIBVCRUNTIME ref: 0064064E
                                                                Similarity
                                                                • API ID: FromProg$FreeTask_memcmp
                                                                • String ID:
                                                                • API String ID: 314563124-0
                                                                • Opcode ID: 7ebc5943ea48d64f9b28b5a94f636537c0ca0db9c8300297546038df41164feb
                                                                • Instruction ID: 83beed4765d24c7e91afa090886da7bbf39534fdc64ea48ce00d799a22d9bb05
                                                                • Opcode Fuzzy Hash: 7ebc5943ea48d64f9b28b5a94f636537c0ca0db9c8300297546038df41164feb
                                                                • Instruction Fuzzy Hash: EC812C71A00119EFDB04DF94C984DEEB7BAFF89315F204598E606AB250DB71AE06CF60
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0066A6AC
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0066A6BA
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0066A79C
                                                                • CloseHandle.KERNEL32(00000000), ref: 0066A7AB
                                                                  • Part of subcall function 005FCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00623303,?), ref: 005FCE8A
                                                                Similarity
                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                • String ID:
                                                                • API String ID: 1991900642-0
                                                                • Opcode ID: 157ec2217e64a6ff908e5d5c09058ce36faed1199dee2bd2eb3275ec49dad149
                                                                • Instruction ID: 925a750ee049d3e44a7fc5be352471e2726e0a376c41ee781842dbfb4be443db
                                                                • Opcode Fuzzy Hash: 157ec2217e64a6ff908e5d5c09058ce36faed1199dee2bd2eb3275ec49dad149
                                                                • Instruction Fuzzy Hash: 6E518E715083419FC714EF25C88AA6BBBE9FFC8754F40492DF58997252EB30E904CB92
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                • Opcode ID: 1145eab0a31e0dfae4d2290d20624734f0f853c31910943d4992968faa589291
                                                                • Instruction ID: 1a3b823e5d6ab8d6f5cbd79ec3aa1f4bb9078889e14845373d639a611297c0c3
                                                                • Opcode Fuzzy Hash: 1145eab0a31e0dfae4d2290d20624734f0f853c31910943d4992968faa589291
                                                                • Instruction Fuzzy Hash: D1415B31504920ABDB257FF8AC456EF3AE7EF63370F144229F41CDA2D1E63049815B65
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 006762E2
                                                                • ScreenToClient.USER32(?,?), ref: 00676315
                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00676382
                                                                Similarity
                                                                • API ID: Window$ClientMoveRectScreen
                                                                • String ID:
                                                                • API String ID: 3880355969-0
                                                                • Opcode ID: a27aaaed852cb627d208c20bca246e77b65c103db573936cd25ee41accffd3e8
                                                                • Instruction ID: 4012ba3ca8fd9a4b3075d30e735ad3221b299dd784d68ec14a647f97232cb862
                                                                • Opcode Fuzzy Hash: a27aaaed852cb627d208c20bca246e77b65c103db573936cd25ee41accffd3e8
                                                                • Instruction Fuzzy Hash: 77511A74A00649EFDB14DF68D8809EE7BB6FF45360F109259F8299B390D730AE81CB90
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00661AFD
                                                                • WSAGetLastError.WSOCK32 ref: 00661B0B
                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00661B8A
                                                                • WSAGetLastError.WSOCK32 ref: 00661B94
                                                                Similarity
                                                                • API ID: ErrorLast$socket
                                                                • String ID:
                                                                • API String ID: 1881357543-0
                                                                • Opcode ID: 17412b468d480faec5ca850f5d3a460db91584cac3cd87dfb89dcd45bd3dbd5f
                                                                • Instruction ID: 81c0c529ef3c05d577bdf5f4ab7dd1237a12a66699e99686dc634feb213dd086
                                                                • Opcode Fuzzy Hash: 17412b468d480faec5ca850f5d3a460db91584cac3cd87dfb89dcd45bd3dbd5f
                                                                • Instruction Fuzzy Hash: 1841B6346002016FD7249F24C88AF757BE6AB85718F58845CF6599F3D3D771DD428B90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00655783
                                                                • GetLastError.KERNEL32(?,00000000), ref: 006557A9
                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006557CE
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006557FA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                • String ID:
                                                                • API String ID: 3321077145-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00606D71,00000000,00000000,006082D9,?,006082D9,?,00000001,00606D71,?,00000001,006082D9,006082D9), ref: 0061D910
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0061D999
                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0061D9AB
                                                                • __freea.LIBCMT ref: 0061D9B4
                                                                  • Part of subcall function 00613820: RtlAllocateHeap.NTDLL(00000000,?,006B1444,?,005FFDF5,?,?,005EA976,00000010,006B1440,005E13FC,?,005E13C6,?,005E1129), ref: 00613852
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                • String ID:
                                                                • API String ID: 2652629310-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00675352
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00675375
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00675382
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006753A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                • String ID:
                                                                • API String ID: 3340791633-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0064ABF1
                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 0064AC0D
                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 0064AC74
                                                                • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0064ACC6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • ClientToScreen.USER32(?,?), ref: 0067769A
                                                                • GetWindowRect.USER32(?,?), ref: 00677710
                                                                • PtInRect.USER32(?,?,00678B89), ref: 00677720
                                                                • MessageBeep.USER32(00000000), ref: 0067778C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                • String ID:
                                                                • API String ID: 1352109105-0
                                                                APIs
                                                                • GetForegroundWindow.USER32 ref: 006716EB
                                                                  • Part of subcall function 00643A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00643A57
                                                                  • Part of subcall function 00643A3D: GetCurrentThreadId.KERNEL32 ref: 00643A5E
                                                                  • Part of subcall function 00643A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006425B3), ref: 00643A65
                                                                • GetCaretPos.USER32(?), ref: 006716FF
                                                                • ClientToScreen.USER32(00000000,?), ref: 0067174C
                                                                • GetForegroundWindow.USER32 ref: 00671752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                • String ID:
                                                                • API String ID: 2759813231-0
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • GetCursorPos.USER32(?), ref: 00679001
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00637711,?,?,?,?,?), ref: 00679016
                                                                • GetCursorPos.USER32(?), ref: 0067905E
                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00637711,?,?,?), ref: 00679094
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                • String ID:
                                                                • API String ID: 2864067406-0
                                                                APIs
                                                                • GetFileAttributesW.KERNEL32(?,0067CB68), ref: 0064D2FB
                                                                • GetLastError.KERNEL32 ref: 0064D30A
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 0064D319
                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0067CB68), ref: 0064D376
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                • String ID:
                                                                • API String ID: 2267087916-0
                                                                APIs
                                                                  • Part of subcall function 00641014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0064102A
                                                                  • Part of subcall function 00641014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00641036
                                                                  • Part of subcall function 00641014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00641045
                                                                  • Part of subcall function 00641014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0064104C
                                                                  • Part of subcall function 00641014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00641062
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006415BE
                                                                • _memcmp.LIBVCRUNTIME ref: 006415E1
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00641617
                                                                • HeapFree.KERNEL32(00000000), ref: 0064161E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                • String ID:
                                                                • API String ID: 1592001646-0
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0067280A
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00672824
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00672832
                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00672840
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$AttributesLayered
                                                                • String ID:
                                                                • API String ID: 2169480361-0
                                                                • Opcode ID: 6dc715a9290a69f92237dbe194ecce6915b3d1879fd5241b1c7de0448f43de2a
                                                                • Instruction ID: 8450553373e0d2cebbe41c1c2e220f052570c34e5da379100376666a96f1a924
                                                                • Opcode Fuzzy Hash: 6dc715a9290a69f92237dbe194ecce6915b3d1879fd5241b1c7de0448f43de2a
                                                                • Instruction Fuzzy Hash: 1C21B631604512AFE718DB24C855FAA7B96FF85324F14815CF42A8B6D2C772FC82C791
                                                                APIs
                                                                  • Part of subcall function 00648D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0064790A,?,000000FF,?,00648754,00000000,?,0000001C,?,?), ref: 00648D8C
                                                                  • Part of subcall function 00648D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00648DB2
                                                                  • Part of subcall function 00648D7D: lstrcmpiW.KERNEL32(00000000,?,0064790A,?,000000FF,?,00648754,00000000,?,0000001C,?,?), ref: 00648DE3
                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00648754,00000000,?,0000001C,?,?,00000000), ref: 00647923
                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00647949
                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00648754,00000000,?,0000001C,?,?,00000000), ref: 00647984
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                • String ID: cdecl
                                                                • API String ID: 4031866154-3896280584
                                                                • Opcode ID: aa7a4c95187e30f67a67c47b3ec523eac0baee09061446bf480da1d9822b89c2
                                                                • Instruction ID: f4febaff1e0bcb676ab87b9aa9e5869b10b83673e8fbbd7f6eb4278ca07e181d
                                                                • Opcode Fuzzy Hash: aa7a4c95187e30f67a67c47b3ec523eac0baee09061446bf480da1d9822b89c2
                                                                • Instruction Fuzzy Hash: A611E63A200342AFCB15AF34D845DBA77AAFF95350B50402EF946CB3A4EB319851C7A1
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00677D0B
                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00677D2A
                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00677D42
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0065B7AD,00000000), ref: 00677D6B
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID:
                                                                • API String ID: 847901565-0
                                                                • Opcode ID: 8b76c30c845bfa7baea476f4792858c563a540171059ee797ef75ea7e5cd37e0
                                                                • Instruction ID: 6d55fa450b070ecba4679b37141f16f4a6df0ad98b0a226cd0c7621044b1631d
                                                                • Opcode Fuzzy Hash: 8b76c30c845bfa7baea476f4792858c563a540171059ee797ef75ea7e5cd37e0
                                                                • Instruction Fuzzy Hash: 3511A271514655AFCB209F68CC04AA63BA6BF46374B158728F83DDB2F0D73199A1CB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 006756BB
                                                                • _wcslen.LIBCMT ref: 006756CD
                                                                • _wcslen.LIBCMT ref: 006756D8
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00675816
                                                                Similarity
                                                                • API ID: MessageSend_wcslen
                                                                • String ID:
                                                                • API String ID: 455545452-0
                                                                • Opcode ID: 86c77a28ba11ed931865fab504c15359541159a910342aac2a43242119e677f3
                                                                • Instruction ID: ad670325172a6f9caa77d4f34fc8d6fee5ac6820be1c0450675a69e692558a1c
                                                                • Opcode Fuzzy Hash: 86c77a28ba11ed931865fab504c15359541159a910342aac2a43242119e677f3
                                                                • Instruction Fuzzy Hash: 2711DA7160061896DF209F61CC85AEE77ADEF11760F50C1AAFA1ED6181E7B0D580CF64
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5de0bc7a620a4c6411a435f07c1badeeee793c1783cadc3bf2084bb462368274
                                                                • Instruction ID: e6daa1c15baf6fa2515e9329aefb771cd1c5cfac6af71df620a344861b06d521
                                                                • Opcode Fuzzy Hash: 5de0bc7a620a4c6411a435f07c1badeeee793c1783cadc3bf2084bb462368274
                                                                • Instruction Fuzzy Hash: D301A2B2A096163EF75116787CC1FE7661FDF827B8B38132AF621592D2DB608CD05164
                                                                APIs
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00641A47
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00641A59
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00641A6F
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00641A8A
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: 88236d1c2973702af985606ead5fcbb7996019f6373b0cd36ca7f185fc7a80de
                                                                • Instruction ID: a0297295443cd75547e90ee043316cc91b3a25baee2c34e42c1480ba1f029a28
                                                                • Opcode Fuzzy Hash: 88236d1c2973702af985606ead5fcbb7996019f6373b0cd36ca7f185fc7a80de
                                                                • Instruction Fuzzy Hash: 3F113C3AD01219FFEB10DBA4CD85FADBB79EB04750F200495E604B7290D6716E90DB94
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0064E1FD
                                                                • MessageBoxW.USER32(?,?,?,?), ref: 0064E230
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0064E246
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0064E24D
                                                                Similarity
                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                • String ID:
                                                                • API String ID: 2880819207-0
                                                                • Opcode ID: 3547d9da5413dc274d91a6d43fe10a878b69125a7cc6abeb25ea6f90fbe0291f
                                                                • Instruction ID: 148b93db52b80a65c154e6875ba4623f234d434dd265391e12b2f71d1d4cd137
                                                                • Opcode Fuzzy Hash: 3547d9da5413dc274d91a6d43fe10a878b69125a7cc6abeb25ea6f90fbe0291f
                                                                • Instruction Fuzzy Hash: D01108B2904214BBC7059BA89C15ADF7FEEAB45320F404329F915E3291E6B18A4087A0
                                                                APIs
                                                                • CreateThread.KERNEL32(00000000,?,0060CFF9,00000000,00000004,00000000), ref: 0060D218
                                                                • GetLastError.KERNEL32 ref: 0060D224
                                                                • __dosmaperr.LIBCMT ref: 0060D22B
                                                                • ResumeThread.KERNEL32(00000000), ref: 0060D249
                                                                Similarity
                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                • String ID:
                                                                • API String ID: 173952441-0
                                                                • Opcode ID: 366a7ea5af6546f6f2d901dafa4a03ad0677d7e542b91c3b1ae23c21290a7519
                                                                • Instruction ID: 3d9f32faf373d841859d8182b43611f667001cc633000b8c4f25b6081decc24b
                                                                • Opcode Fuzzy Hash: 366a7ea5af6546f6f2d901dafa4a03ad0677d7e542b91c3b1ae23c21290a7519
                                                                • Instruction Fuzzy Hash: 8101C036885204BBDB296BE5DC09BAB7A6BDF81730F10031DFA29961D0DF708A41C7A0
                                                                APIs
                                                                  • Part of subcall function 005F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 005F9BB2
                                                                • GetClientRect.USER32(?,?), ref: 00679F31
                                                                • GetCursorPos.USER32(?), ref: 00679F3B
                                                                • ScreenToClient.USER32(?,?), ref: 00679F46
                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00679F7A
                                                                Similarity
                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                • String ID:
                                                                • API String ID: 4127811313-0
                                                                • Opcode ID: da14bd789c6dd7b1a749e7178b8c1f7901c198384c4a6f5f1fbb809bde7e4a37
                                                                • Instruction ID: 4f2826ce54813993cd3312c148457222df3b30942e6acc8a1eb486b223115c2e
                                                                • Opcode Fuzzy Hash: da14bd789c6dd7b1a749e7178b8c1f7901c198384c4a6f5f1fbb809bde7e4a37
                                                                • Instruction Fuzzy Hash: D4119A3290051ABBDB14EF68C889DEE77BAFB05311F008459F905E3140D334BA91CBB1
                                                                APIs
                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 005E604C
                                                                • GetStockObject.GDI32(00000011), ref: 005E6060
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 005E606A
                                                                Similarity
                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                • String ID:
                                                                • API String ID: 3970641297-0
                                                                • Opcode ID: 8766fa1328682df51ecbbe5235eeb744788178b755f8e5463de750d3383ddfa7
                                                                • Instruction ID: 2e2511e00f173ed24f91db08ebb2f633980194e489ca2475acfbe75456217f13
                                                                • Opcode Fuzzy Hash: 8766fa1328682df51ecbbe5235eeb744788178b755f8e5463de750d3383ddfa7
                                                                • Instruction Fuzzy Hash: 2611A173501558BFEF1A9FA59C58EEA7F6AFF183E4F001215FA0452010C732ACA0DB91
                                                                APIs
                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00603B56
                                                                  • Part of subcall function 00603AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00603AD2
                                                                  • Part of subcall function 00603AA3: ___AdjustPointer.LIBCMT ref: 00603AED
                                                                • _UnwindNestedFrames.LIBCMT ref: 00603B6B
                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00603B7C
                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00603BA4
                                                                Similarity
                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                • String ID:
                                                                • API String ID: 737400349-0
                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                • Instruction ID: 17dd6a0f2ac6bc6aaec403dc518c93f01a195016322d95b491e7440bbfa302e2
                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                • Instruction Fuzzy Hash: D0018C72140148BBCF166E95CC42EEB3F6EEF98759F044008FE0856261C732E961DBA4
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,005E13C6,00000000,00000000,?,0061301A,005E13C6,00000000,00000000,00000000,?,0061328B,00000006,FlsSetValue), ref: 006130A5
                                                                • GetLastError.KERNEL32(?,0061301A,005E13C6,00000000,00000000,00000000,?,0061328B,00000006,FlsSetValue,00682290,FlsSetValue,00000000,00000364,?,00612E46), ref: 006130B1
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0061301A,005E13C6,00000000,00000000,00000000,?,0061328B,00000006,FlsSetValue,00682290,FlsSetValue,00000000), ref: 006130BF
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID:
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0064747F
                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00647497
                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006474AC
                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006474CA
                                                                Similarity
                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                • String ID:
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0064ACD3,?,00008000), ref: 0064B0C4
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0064ACD3,?,00008000), ref: 0064B0E9
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0064ACD3,?,00008000), ref: 0064B0F3
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0064ACD3,?,00008000), ref: 0064B126
                                                                Similarity
                                                                • API ID: CounterPerformanceQuerySleep
                                                                • String ID:
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00677E33
                                                                • ScreenToClient.USER32(?,?), ref: 00677E4B
                                                                • ScreenToClient.USER32(?,?), ref: 00677E6F
                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00677E8A
                                                                Similarity
                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                • String ID:
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00642DC5
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00642DD6
                                                                • GetCurrentThreadId.KERNEL32 ref: 00642DDD
                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00642DE4
                                                                Similarity
                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 005F9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 005F9693
                                                                  • Part of subcall function 005F9639: SelectObject.GDI32(?,00000000), ref: 005F96A2
                                                                  • Part of subcall function 005F9639: BeginPath.GDI32(?), ref: 005F96B9
                                                                  • Part of subcall function 005F9639: SelectObject.GDI32(?,00000000), ref: 005F96E2
                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00678887
                                                                • LineTo.GDI32(?,?,?), ref: 00678894
                                                                • EndPath.GDI32(?), ref: 006788A4
                                                                • StrokePath.GDI32(?), ref: 006788B2
                                                                Similarity
                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                • String ID:
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 005F98CC
                                                                • SetTextColor.GDI32(?,?), ref: 005F98D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 005F98E9
                                                                • GetStockObject.GDI32(00000005), ref: 005F98F1
                                                                Similarity
                                                                • API ID: Color$ModeObjectStockText
                                                                • String ID:
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 00641634
                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,006411D9), ref: 0064163B
                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006411D9), ref: 00641648
                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,006411D9), ref: 0064164F
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken
                                                                • String ID:
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 0063D858
                                                                • GetDC.USER32(00000000), ref: 0063D862
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0063D882
                                                                • ReleaseDC.USER32(?), ref: 0063D8A3
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 0063D86C
                                                                • GetDC.USER32(00000000), ref: 0063D876
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0063D882
                                                                • ReleaseDC.USER32(?), ref: 0063D8A3
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 005E7620: _wcslen.LIBCMT ref: 005E7625
                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00654ED4
                                                                Strings
                                                                Similarity
                                                                • API ID: Connection_wcslen
                                                                • String ID: *$LPT
                                                                APIs
                                                                • __startOneArgErrorHandling.LIBCMT ref: 0060E30D
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorHandling__start
                                                                • String ID: pow
                                                                • API String ID: 3213639722-2276729525
                                                                • Opcode ID: 53ba0f5105f15af0f953e4569f24a3502c097ae53088ddd0297fd76fa148b692
                                                                • Instruction ID: 76f77b46e91e901a9b2f29211ea3f93ed276a784fa8569f62b15ab4e2658171a
                                                                • Opcode Fuzzy Hash: 53ba0f5105f15af0f953e4569f24a3502c097ae53088ddd0297fd76fa148b692
                                                                • Instruction Fuzzy Hash: D9510771A8C106A6CB196714D9513EB3BF7AF40740F384D98E095423E9DA368CD29A8A
                                                                APIs
                                                                • CharUpperBuffW.USER32(0063569E,00000000,?,0067CC08,?,00000000,00000000), ref: 006678DD
                                                                  • Part of subcall function 005E6B57: _wcslen.LIBCMT ref: 005E6B6A
                                                                • CharUpperBuffW.USER32(0063569E,00000000,?,0067CC08,00000000,?,00000000,00000000), ref: 0066783B
                                                                Strings
                                                                Similarity
                                                                • API ID: BuffCharUpper$_wcslen
                                                                • String ID: <sj
                                                                • API String ID: 3544283678-2068146069
                                                                • Opcode ID: f8e74ea6c1e5fc4a1d6a397ec21a9996e0a8c6f554416e691a5aefc370d8691f
                                                                • Instruction ID: a5cc7efd6a6735d47313bdb7ed375a05859cc1c8713a6ffa264baee9cc85246e
                                                                • Opcode Fuzzy Hash: f8e74ea6c1e5fc4a1d6a397ec21a9996e0a8c6f554416e691a5aefc370d8691f
                                                                • Instruction Fuzzy Hash: E161813291415AAACF08EBA1CC95DFDBBB6BF58304F544529F582B3191EF306E45CBA0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                • Opcode ID: 0cee19cda1bdef2b8f3d5d91492fff26a5db01cceeb4d74b56b7f3e5c00646d4
                                                                • Instruction ID: cdae4c833df9a9a7a33aef2152984eabc8209e49284ae82ba1c944223545f352
                                                                • Opcode Fuzzy Hash: 0cee19cda1bdef2b8f3d5d91492fff26a5db01cceeb4d74b56b7f3e5c00646d4
                                                                • Instruction Fuzzy Hash: 5951343990024ADFDB18DF28C4866FA7FBAFF55310F644055E9919B2E0E7359D42CBA0
                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 005FF2A2
                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 005FF2BB
                                                                Strings
                                                                Similarity
                                                                • API ID: GlobalMemorySleepStatus
                                                                • String ID: @
                                                                • API String ID: 2783356886-2766056989
                                                                • Opcode ID: 79ec74633974209ddd6306f98a0edee82ddd779f15e9429ac5cdb74dc2697425
                                                                • Instruction ID: a2555f878326fc32a29baf9e829d467e266b294c70717ba8a3e3b1ec01ed151a
                                                                • Opcode Fuzzy Hash: 79ec74633974209ddd6306f98a0edee82ddd779f15e9429ac5cdb74dc2697425
                                                                • Instruction Fuzzy Hash: 75514B714087899BD320AF11DC8ABABBBF9FFC5300F81485DF1E941195EB319529CB66
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 006657E0
                                                                • _wcslen.LIBCMT ref: 006657EC
                                                                Strings
                                                                Similarity
                                                                • API ID: BuffCharUpper_wcslen
                                                                • String ID: CALLARGARRAY
                                                                • API String ID: 157775604-1150593374
                                                                • Opcode ID: a330969737d1a435622925fbcf5244266a32e970a85cb4799a5313dcc8c96ea9
                                                                • Instruction ID: 5469f388a368fb9cac80e0a438c52fb4857760f1cd044ed5d89bf32df3964a1d
                                                                • Opcode Fuzzy Hash: a330969737d1a435622925fbcf5244266a32e970a85cb4799a5313dcc8c96ea9
                                                                • Instruction Fuzzy Hash: 51418171A0021A9FCB14DFA9C8869FEBBB6FF59320F14406DE506A7351E7349D81CB90
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0065D130
                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0065D13A
                                                                Strings
                                                                Similarity
                                                                • API ID: CrackInternet_wcslen
                                                                • String ID: |
                                                                • API String ID: 596671847-2343686810
                                                                • Opcode ID: af86a9ffd3962c1bab60a20903c0ec5a61d6da757d281f563d0278ab14f65dc2
                                                                • Instruction ID: 2824db03310b95f1d9f89957c81b4a459792e2d758373c8fbb16c4b49a1ef84f
                                                                • Opcode Fuzzy Hash: af86a9ffd3962c1bab60a20903c0ec5a61d6da757d281f563d0278ab14f65dc2
                                                                • Instruction Fuzzy Hash: 30313271D0010AABCF25EFA5CC45AEF7FBAFF54340F000059F915A61A1D731A946CB60
                                                                APIs
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00673621
                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0067365C
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$DestroyMove
                                                                • String ID: static
                                                                • API String ID: 2139405536-2160076837
                                                                • Opcode ID: be3fbec53e6bea48c554d1cd467493548cf00d5c41e71cef1352b9ed9ab3591c
                                                                • Instruction ID: f12f191bbfbf04e6f90a9aeb1486913cc3e49212e49d1372d60a512304622891
                                                                • Opcode Fuzzy Hash: be3fbec53e6bea48c554d1cd467493548cf00d5c41e71cef1352b9ed9ab3591c
                                                                • Instruction Fuzzy Hash: F8318C71110204AEEB14DF78DC84AFB77AAFF88760F10D61DF9A997280DA31AD819760
                                                                APIs
                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0067461F
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00674634
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: '
                                                                • API String ID: 3850602802-1997036262
                                                                • Opcode ID: 4ce8f2e0df6158943d7fd2bfee07d17c6b045c2b1c67ccfe440937173bd9e52a
                                                                • Instruction ID: 9bb9ef9dbc1c6f5396853fbf0d8985370c83caf3840f41fd5478325ccb8b4f3e
                                                                • Opcode Fuzzy Hash: 4ce8f2e0df6158943d7fd2bfee07d17c6b045c2b1c67ccfe440937173bd9e52a
                                                                • Instruction Fuzzy Hash: 233139B4A01209AFEB14CF69C994BDA7BB6FF49300F108069E908AB351DB70E941CF90
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0067327C
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00673287
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: Combobox
                                                                • API String ID: 3850602802-2096851135
                                                                • Opcode ID: 50fea000182fb285fec6c11b754d2e23d3a39b631e29033033e149f0c2dbe644
                                                                • Instruction ID: 3f499dc4a7d8c0060ef73decc3eca274cead6d9e676077c6771e54896c19a103
                                                                • Opcode Fuzzy Hash: 50fea000182fb285fec6c11b754d2e23d3a39b631e29033033e149f0c2dbe644
                                                                • Instruction Fuzzy Hash: CA1190713002197FEF259F54DC84EEB3B6BEB993A4F108128F928A7391D6319E519760
                                                                APIs
                                                                  • Part of subcall function 005E600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 005E604C
                                                                  • Part of subcall function 005E600E: GetStockObject.GDI32(00000011), ref: 005E6060
                                                                  • Part of subcall function 005E600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 005E606A
                                                                • GetWindowRect.USER32(00000000,?), ref: 0067377A
                                                                • GetSysColor.USER32(00000012), ref: 00673794
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                • String ID: static
                                                                • API String ID: 1983116058-2160076837
                                                                • Opcode ID: 8c81f56cfda0b0305bf73c64a0df7c60010a22a14ba452cc263e19bae8b2ab37
                                                                • Instruction ID: ccbe2f929196d0bc2491a8e755af6da0747889634463c4b0514c84d0ea6cb0a3
                                                                • Opcode Fuzzy Hash: 8c81f56cfda0b0305bf73c64a0df7c60010a22a14ba452cc263e19bae8b2ab37
                                                                • Instruction Fuzzy Hash: E7116AB261021AAFDF04DFB8CC45EEA7BB9FB08354F004918F959E3250E735E8519B50
                                                                APIs
                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0065CD7D
                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0065CDA6
                                                                Strings
                                                                Similarity
                                                                • API ID: Internet$OpenOption
                                                                • String ID: <local>
                                                                • API String ID: 942729171-4266983199
                                                                • Opcode ID: c093438136fb88aa552ba3fb6a006a1f2afa3f26d01b268665db10542e140727
                                                                • Instruction ID: 64f257e61abd1e5009e733d50c2d288e1dc70770ce417909f5b2784ab873fa21
                                                                • Opcode Fuzzy Hash: c093438136fb88aa552ba3fb6a006a1f2afa3f26d01b268665db10542e140727
                                                                • Instruction Fuzzy Hash: 3211A071205735BED7284B668C49FE7BEBAEF527B5F00432AB909C2180D6609849D6F0
                                                                APIs
                                                                • GetWindowTextLengthW.USER32(00000000), ref: 006734AB
                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006734BA
                                                                Strings
                                                                Similarity
                                                                • API ID: LengthMessageSendTextWindow
                                                                • String ID: edit
                                                                • API String ID: 2978978980-2167791130
                                                                • Opcode ID: dac84a816c1f47f0e002bbc1dfe6845c6f5f04e2c162954fea29b6e9a96a4278
                                                                • Instruction ID: ab3002d710d23f310ddb5e858f9b2349c789ad5b7ff2750aed3823d1dcad9fe4
                                                                • Opcode Fuzzy Hash: dac84a816c1f47f0e002bbc1dfe6845c6f5f04e2c162954fea29b6e9a96a4278
                                                                • Instruction Fuzzy Hash: 3E11BF71100118AFEB158F64DC44AEB37ABEB15374F608328FA68933D8C731DC91A750
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00646CB6
                                                                • _wcslen.LIBCMT ref: 00646CC2
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: STOP
                                                                • API String ID: 1256254125-2411985666
                                                                • Opcode ID: b74930cfae1e4063d93d1d1b5f885333fced8a49602aeea3d6a6717c899df837
                                                                • Instruction ID: 658bc8b5c856796ea7ce2785d45449f472ff8cdb234a53f7e001db2dfff687bc
                                                                • Opcode Fuzzy Hash: b74930cfae1e4063d93d1d1b5f885333fced8a49602aeea3d6a6717c899df837
                                                                • Instruction Fuzzy Hash: 1801C432A005278ACB24AFBDDC859FF77A7FFA37147500538F85296290EA31DD41C651
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00641D4C
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 961a3a86a388b5521a1a1d4002963165a3a3a0c29e523a0a7730bb08c18b5ce4
                                                                • Instruction ID: 1a25d7d68e296bff733a304a6c6b2040173c9d5e6c96d1016918fec9e3ee148f
                                                                • Opcode Fuzzy Hash: 961a3a86a388b5521a1a1d4002963165a3a3a0c29e523a0a7730bb08c18b5ce4
                                                                • Instruction Fuzzy Hash: F0012871A00219ABCB18FFA0CC55DFE776AFF43350B100919F8625B3D1EA305D498660
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00641C46
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: ca83882f58e95b37b9bce39761f37fb5125d404d44d618644fa010123834f749
                                                                • Instruction ID: 14976f4debc867a6598a0044558b903c58ba76e2b991199838a2be7c7cdf8cea
                                                                • Opcode Fuzzy Hash: ca83882f58e95b37b9bce39761f37fb5125d404d44d618644fa010123834f749
                                                                • Instruction Fuzzy Hash: 4A01A77568111966CB18FB90CE95AFF77AAAB52340F140019A84667281EA249E4986B1
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00641CC8
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: e1e606dcffa356797cf1a5d482af953004e43a2ef7b9bfcf0c2f4b3f644d0b23
                                                                • Instruction ID: 210f1115acf94f95a2562cae4d55140cc8c5a0bcdc9afe59ea280f3c8193ae8c
                                                                • Opcode Fuzzy Hash: e1e606dcffa356797cf1a5d482af953004e43a2ef7b9bfcf0c2f4b3f644d0b23
                                                                • Instruction Fuzzy Hash: 9301D6716C011967CB18FBA1CE95AFE77AAAB12340F540019B84677381FA249F49C671
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 005FA529
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                Strings
                                                                Similarity
                                                                • API ID: Init_thread_footer_wcslen
                                                                • String ID: ,%k$3yc
                                                                • API String ID: 2551934079-264884146
                                                                • Opcode ID: 60cea029f3cbf5c91b4fdc17dd83c97c6eac0d3dfe35c5f362388d510ea1ceda
                                                                • Instruction ID: 7df71ddc931ab36b51e7e8d7fc0753978c9a3f8647f73ad221c5a9dfd74c6d6e
                                                                • Opcode Fuzzy Hash: 60cea029f3cbf5c91b4fdc17dd83c97c6eac0d3dfe35c5f362388d510ea1ceda
                                                                • Instruction Fuzzy Hash: F0017BB274061A97CE18F768DC1FBBD3F56FB45710F500568F60A171C2EE149D418697
                                                                APIs
                                                                  • Part of subcall function 005E9CB3: _wcslen.LIBCMT ref: 005E9CBD
                                                                  • Part of subcall function 00643CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00643CCA
                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00641DD3
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: ac7e7653d07508d9e4c2ea851dedef5d35b2a2ea78f13eaa997d99be6297fb5a
                                                                • Instruction ID: bb6ee6df2e777d0c7f09eb69e5d34d0ddf9185c5ccb479524482d8df7984a1be
                                                                • Opcode Fuzzy Hash: ac7e7653d07508d9e4c2ea851dedef5d35b2a2ea78f13eaa997d99be6297fb5a
                                                                • Instruction Fuzzy Hash: 2AF0F4B1F4021566CB18F7A4CC96BFE776ABF42350F040919B862672C1EA605D488660
                                                                APIs
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,006B3018,006B305C), ref: 006781BF
                                                                • CloseHandle.KERNEL32 ref: 006781D1
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseCreateHandleProcess
                                                                • String ID: \0k
                                                                • API String ID: 3712363035-2680258789
                                                                • Opcode ID: ec3fda3be859a20789bb83c6346f1afa21b223b8956073275f0adeec1047a615
                                                                • Instruction ID: a84dff1ea563ad31bb4a298b5c7dcfd982d1ab62530024b4623ac4ffe44e6a00
                                                                • Opcode Fuzzy Hash: ec3fda3be859a20789bb83c6346f1afa21b223b8956073275f0adeec1047a615
                                                                • Instruction Fuzzy Hash: 1FF054F1780720BEE3147B656C59FB73A5EDF04764F005424BB0CD52A1D6769E8083B8
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: 3, 3, 16, 1
                                                                • API String ID: 176396367-3042988571
                                                                • Opcode ID: 5655a31ee84421c2c05be1592d7146db1cc55c1a26d488e70e4fb2198f2b573b
                                                                • Instruction ID: d959d16abf7d78dd05a20f5ffbf6b370dcef612ca9e5a8cd7e7689f5c6cf4782
                                                                • Opcode Fuzzy Hash: 5655a31ee84421c2c05be1592d7146db1cc55c1a26d488e70e4fb2198f2b573b
                                                                • Instruction Fuzzy Hash: FDE02B4224522010D2752279DCC5ABF57CBCFC5B50B10183FFE81C23A6EE948D9193E4
                                                                APIs
                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00640B23
                                                                Strings
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: AutoIt$Error allocating memory.
                                                                • API String ID: 2030045667-4017498283
                                                                • Opcode ID: 8d4dbf61c90b12a60db9c71aa1310b28cb425bc3c7f14bc096b46046d06e5dde
                                                                • Instruction ID: 550d800c4c5a659930c1ce0fc8ac4825bd3ab93c7f83306fff9afb9beefcc4e8
                                                                • Opcode Fuzzy Hash: 8d4dbf61c90b12a60db9c71aa1310b28cb425bc3c7f14bc096b46046d06e5dde
                                                                • Instruction Fuzzy Hash: 56E0D83228431926D2583654BC07F897E86DF05B64F10442EF78C995C3CEE2649046AD
                                                                APIs
                                                                  • Part of subcall function 005FF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00600D71,?,?,?,005E100A), ref: 005FF7CE
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,005E100A), ref: 00600D75
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,005E100A), ref: 00600D84
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00600D7F
                                                                Similarity
                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 55579361-631824599
                                                                • Opcode ID: c1d4998837896b89a58ac9c0205d58a82919f4d4b98111bea505af1866ffabca
                                                                • Instruction ID: fcad1968ffe176374e06ff32c92104b580bca03dd8b5bcc8f9ae39fda659e5f1
                                                                • Opcode Fuzzy Hash: c1d4998837896b89a58ac9c0205d58a82919f4d4b98111bea505af1866ffabca
                                                                • Instruction Fuzzy Hash: 2AE06D702007418BE364AFB8E8087437BE2FF00744F00892DE49AC6692EBB5E5848BA1
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 005FE3D5
                                                                Strings
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: 0%k$8%k
                                                                • API String ID: 1385522511-3140963459
                                                                • Opcode ID: 32ad67b042956ca81a4dab7c7f43861c70e00a3e68f30efbb088a2d4b54a8007
                                                                • Instruction ID: 28de8d82b771b6227ee25b80b08855d2e5f4d3e7980c25780d0badd8ce2c488f
                                                                • Opcode Fuzzy Hash: 32ad67b042956ca81a4dab7c7f43861c70e00a3e68f30efbb088a2d4b54a8007
                                                                • Instruction Fuzzy Hash: E7E02073440919CBC7349B18B87EAE837D7FB04320B101A68E203471E19B3438C18659
                                                                APIs
                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0065302F
                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00653044
                                                                Strings
                                                                Similarity
                                                                • API ID: Temp$FileNamePath
                                                                • String ID: aut
                                                                • API String ID: 3285503233-3010740371
                                                                • Opcode ID: bf14f4eec309dbed716097e62f537d6eb3b3d4acf65a2c9c83b61cc2035abb1b
                                                                • Instruction ID: fe7fe4bf9c6c0cc9098aabf0902a7eaaa01bc78d543bde2ac0897043b4c0b96b
                                                                • Opcode Fuzzy Hash: bf14f4eec309dbed716097e62f537d6eb3b3d4acf65a2c9c83b61cc2035abb1b
                                                                • Instruction Fuzzy Hash: 9ED05B7250031467DB20A7949C0DFC73A6CD705760F0001517655D2091DAB09F84CBD0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID: %.3d$X64
                                                                • API String ID: 481472006-1077770165
                                                                • Opcode ID: 678bd5b2140ffa66409d47d5c19d761b72a8d435ae42efbdd6701fecb227b353
                                                                • Instruction ID: f66ca8eb61149472140bc366383ee9600cec64ce8b47d144e208275b144f5edb
                                                                • Opcode Fuzzy Hash: 678bd5b2140ffa66409d47d5c19d761b72a8d435ae42efbdd6701fecb227b353
                                                                • Instruction Fuzzy Hash: 24D01261808109E9CB9096D0EC498BBB77EBB18301F608452FE06D1041EA38C7496BA1
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0067236C
                                                                • PostMessageW.USER32(00000000), ref: 00672373
                                                                  • Part of subcall function 0064E97B: Sleep.KERNEL32 ref: 0064E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: b68ddfe33813c13ad6354a23b068bfa06fb0faa9730f5a6381dabfa85edb654d
                                                                • Instruction ID: aa4bf2fdb448f9a552c627e9d419d01c990f4b983b1f38d2f2c2f864770a21ed
                                                                • Opcode Fuzzy Hash: b68ddfe33813c13ad6354a23b068bfa06fb0faa9730f5a6381dabfa85edb654d
                                                                • Instruction Fuzzy Hash: 6ED0C932391310BAE7A8B770DC4FFC6A616AB05B20F01591AB649AA1D0C9A1A8418A58
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0067232C
                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0067233F
                                                                  • Part of subcall function 0064E97B: Sleep.KERNEL32 ref: 0064E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: 85a5de277aba9fbae7b995d831756d062f948fc94cbd7821f18b95a736b6ca0e
                                                                • Instruction ID: b4e6d1c649075270b75497f5c6b6f4b409af4abaee2f5029440718c9acb8d79b
                                                                • Opcode Fuzzy Hash: 85a5de277aba9fbae7b995d831756d062f948fc94cbd7821f18b95a736b6ca0e
                                                                • Instruction Fuzzy Hash: 52D01236394310B7E7A8B770DC4FFC6BA16AB00B20F01591EB749AA1D0C9F1A841CE54
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0061BE93
                                                                • GetLastError.KERNEL32 ref: 0061BEA1
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0061BEFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2002473986.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                • Associated: 00000000.00000002.2002458543.00000000005E0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.000000000067C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002526619.00000000006A2000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002575392.00000000006AC000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2002592644.00000000006B4000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                • String ID:
                                                                • API String ID: 1717984340-0
                                                                • Opcode ID: e1eef147a70186d5f1eda04b1aa7ff8b2654b53bd095404d3b1e938ba3647ebf
                                                                • Instruction ID: 7bd17c590e08b2e8f654d97dc48e3bfd0288ea3439cbfe15809cc0e4dbd38485
                                                                • Opcode Fuzzy Hash: e1eef147a70186d5f1eda04b1aa7ff8b2654b53bd095404d3b1e938ba3647ebf
                                                                • Instruction Fuzzy Hash: F541E734600206AFCF258FA5CC44AFA7BA7EF41360F18916DF959972E1DB308D82CB50