Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1502496
MD5: 449530cf1e296159dab207cacf028a1e
SHA1: 1856b7d8b8669b278a5fccbb0f46d94e6686016d
SHA256: bc8f755dba4ff865f12881eaa431e3048acc715cc8cd4b2687bf137eb9cca372
Tags: exe

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7064 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 449530CF1E296159DAB207CACF028A1E)
    • msedge.exe (PID: 7156 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6728 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2028,i,249939025956985432,7264132615848075061,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 6324 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 772 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4208 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8408 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2172 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff184538-9ec4-40f1-a485-b9958cfa9ec0} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 26789c6f110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8736 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4460 -parentBuildID 20230927232528 -prefsHandle 4452 -prefMapHandle 4448 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d1b33f-8176-45ae-b472-b7c5dd6dabe6} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 2679bee0510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5480 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 34094 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96304a8a-3b32-4829-afcc-9c45cdc9719b} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 267a375cf10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7092 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7608 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8296 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6344 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8328 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6524 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 9104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 9128 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 6568 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7416 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 6028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2096,i,9877581988244495231,1586528081353476286,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2068,i,8933014677616933808,2190198672335111100,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, ReversingLabs: Detection: 26%
Source: file.exe, Virustotal: Detection: 24%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.65.39.4:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 00000005.00000003.2292779211.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000005.00000003.2295260908.0000026799C27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000005.00000003.2295260908.0000026799C27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000005.00000003.2294770200.0000026799C1F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: netprofm.pdb source: firefox.exe, 00000005.00000003.2293652346.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000005.00000003.2292779211.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000005.00000003.2294770200.0000026799C1F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000005.00000003.2293652346.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00FADBBE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB68EE FindFirstFileW,FindClose,0_2_00FB68EE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00FB698F
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FAD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00FAD076
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FAD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00FAD3A9
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FB9642
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FB979D
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00FB9B2B
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FB5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00FB5C97
Source: firefox.exe, Memory has grown: Private usage: 1MB later: 94MB
Source: Joe Sandbox View, IP Address: 13.107.246.40
Source: Joe Sandbox View, IP Address: 23.55.235.170
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, TCP traffic detected without corresponding DNS query: 20.96.153.111
Source: unknown, TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00FBCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00FBCE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZVekCw97fYuOor9&MD=ghGLhWAl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725832440&P2=404&P3=2&P4=X%2bQjRhQeLEIg9qu7zLTu4SfSmvSDjgLjTUkaOwkfZTHKCfmt6uO9Dcwh%2fVWTJQBtsGyU0IeVGNy30bsYWUeuxg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: V0lo/YuoQpYuV0JrnR6YpISec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZVekCw97fYuOor9&MD=ghGLhWAl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2256679725.00000267A36D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1764215387.000002679A6CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043866277.000002679A6BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2046434914.000002679A6CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.2904582839.000001EC87403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2903339774.000001DB6B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.2904582839.000001EC87403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2903339774.000001DB6B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000002.2904582839.000001EC87403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2903339774.000001DB6B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1764215387.000002679A6CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043866277.000002679A6BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2046434914.000002679A6CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2046484362.000002679A2FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Length: 326Content-Type: text/html; charset=us-asciiDate: Sun, 01 Sep 2024 21:55:00 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.65a13617.1725227700.10bca39dAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
Source: firefox.exe, 00000005.00000003.1815397665.000002679869E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000005.00000003.2291733199.0000026799C0B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291938952.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000005.00000003.2291733199.0000026799C0B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291070680.0000026799C09000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291336325.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291778007.0000026799C16000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290569785.0000026799C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000005.00000003.2048383090.000002679B1D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1811791365.000002679B1D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000005.00000003.2048383090.000002679B1D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1811791365.000002679B1D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000005.00000003.2291733199.0000026799C0B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291070680.0000026799C09000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291336325.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291938952.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290569785.0000026799C16000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2292253427.0000026799BFB000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000005.00000003.2291733199.0000026799C0B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291778007.0000026799C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000005.00000003.2291733199.0000026799C0B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291070680.0000026799C09000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291336325.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291938952.0000026799C0D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291778007.0000026799C16000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290569785.0000026799C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2042870143.00000267981DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114997573.0000026795DD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2048991481.00000267986BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000005.00000003.2050444730.0000026795DD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114997573.0000026795DD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1868938829.00000267954B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2904137634.0000021AD9ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC874CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2906972522.000001DB6B605000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1868938829.00000267954B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2904137634.0000021AD9ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC874CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2906972522.000001DB6B605000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000005.00000003.2281648241.00000267A40C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000005.00000003.2278529616.00000267A40AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000005.00000003.2278529616.00000267A40AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000005.00000003.2281648241.00000267A40C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283441048.00000267A3ACB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283471411.00000267A40B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000005.00000003.2278529616.00000267A40AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278529616.00000267A40BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000005.00000003.2278529616.00000267A40AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282769582.00000267A40A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.7.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: 6afa0521-d822-4326-9979-8b381a72080b.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 6afa0521-d822-4326-9979-8b381a72080b.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.1708017521.0000026797C2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1707326719.0000026799800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1707873696.0000026797C17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708274657.0000026797C57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708664807.0000026797C81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708158360.0000026797C41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708543673.0000026797C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1868938829.00000267954B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2904137634.0000021AD9ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC874CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2906972522.000001DB6B605000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000005.00000003.1815889523.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1868938829.00000267954B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2904137634.0000021AD9ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC874CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2906972522.000001DB6B605000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000005.00000003.2246479849.000002679AD61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2338983164.000002679AD2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.2260392487.00000267A38D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000005.00000003.2246479849.000002679AD61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2338983164.000002679AD2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000005.00000003.2246479849.000002679AD61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2338983164.000002679AD2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000005.00000003.2246479849.000002679AD61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2338983164.000002679AD2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.7.drString found in binary or memory: https://docs.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000005.00000003.1812196939.000002679A0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708017521.0000026797C2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1707326719.0000026799800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2269375053.00000267A39FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1707873696.0000026797C17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708274657.0000026797C57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708664807.0000026797C81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708158360.0000026797C41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1708543673.0000026797C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.2016928265.00000267981BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711256252.0000026797233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1808156085.0000026797239000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711664886.0000026797231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2053586246.0000026797234000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1801967569.0000026797238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log1.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log2.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: firefox.exe, 0000000B.00000002.2904137634.0000021AD9E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC87492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2903339774.000001DB6B387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.1815589831.00000267981C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000005.00000003.2290531614.0000026799C05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://music.amazon.com
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://music.apple.com
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://open.spotify.com
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: firefox.exe, 00000005.00000003.2016928265.00000267981BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711256252.0000026797233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1808156085.0000026797239000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711664886.0000026797231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2053586246.0000026797234000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1801967569.0000026797238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000005.00000003.2016928265.00000267981BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711256252.0000026797233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1808156085.0000026797239000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1711664886.0000026797231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2053586246.0000026797234000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1801967569.0000026797238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000005.00000003.1815787457.0000026798186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049127099.00000267981FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000005.00000003.2049922480.0000026796B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000005.00000003.2049251004.0000026798154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000005.00000003.2049251004.0000026798154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000005.00000003.2049251004.0000026798154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000005.00000003.2049251004.0000026798154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000005.00000003.2049251004.0000026798154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.1815589831.00000267981C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000005.00000003.1708543673.0000026797C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000005.00000003.2260392487.00000267A38D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000005.00000003.2044039694.000002679A074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1862987095.000002679A074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1814547989.000002679A074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000005.00000003.2044039694.000002679A074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1862987095.000002679A074000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1814547989.000002679A074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000019.00000002.2903339774.000001DB6B313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000005.00000003.1867839437.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049922480.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816325890.0000026796B2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2114798882.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2904582839.000001EC874BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2903339774.000001DB6B3F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000005.00000003.2256679725.00000267A36D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000005.00000003.2046484362.000002679A2FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2256679725.00000267A36D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000005.00000003.1815589831.00000267981C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.65.39.4:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00FBEAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00FBED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00FAAA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00FD9576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_8a1e2836-a
Source: file.exe, 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_34fa17f5-3
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001EC873EA6F7 NtQuerySystemInformation,16_2_000001EC873EA6F7
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001EC873E2DF2 NtQuerySystemInformation,16_2_000001EC873E2DF2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00FAD5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00FA1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00FAE8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F5F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F60A30 appears 46 times
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal68.evad.winEXE@75/346@52/24
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB37B5 GetLastError,FormatMessageW,0_2_00FB37B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA10BF AdjustTokenPrivileges,CloseHandle,0_2_00FA10BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00FA16C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00FB51CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_00FAD4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00FB648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00F442A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D4E270-1BF4.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeReversingLabs: Detection: 26%
Source: file.exeVirustotal: Detection: 24%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2028,i,249939025956985432,7264132615848075061,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6344 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6524 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2172 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff184538-9ec4-40f1-a485-b9958cfa9ec0} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 26789c6f110 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4460 -parentBuildID 20230927232528 -prefsHandle 4452 -prefMapHandle 4448 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d1b33f-8176-45ae-b472-b7c5dd6dabe6} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 2679bee0510 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2096,i,9877581988244495231,1586528081353476286,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2068,i,8933014677616933808,2190198672335111100,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7416 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 34094 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96304a8a-3b32-4829-afcc-9c45cdc9719b} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 267a375cf10 utility
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2028,i,249939025956985432,7264132615848075061,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2172 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff184538-9ec4-40f1-a485-b9958cfa9ec0} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 26789c6f110 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4460 -parentBuildID 20230927232528 -prefsHandle 4452 -prefMapHandle 4448 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d1b33f-8176-45ae-b472-b7c5dd6dabe6} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 2679bee0510 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 34094 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96304a8a-3b32-4829-afcc-9c45cdc9719b} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 267a375cf10 utilityJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6344 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6524 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7416 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2096,i,9877581988244495231,1586528081353476286,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2068,i,8933014677616933808,2190198672335111100,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: webauthn.pdb source: firefox.exe, 00000005.00000003.2292779211.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000005.00000003.2295260908.0000026799C27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000005.00000003.2295260908.0000026799C27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000005.00000003.2294770200.0000026799C1F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: netprofm.pdb source: firefox.exe, 00000005.00000003.2293652346.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000005.00000003.2292779211.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000005.00000003.2294770200.0000026799C1F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000005.00000003.2293652346.00000267A56E1000.00000004.00000020.00020000.00000000.sdmp
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F442DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F60A76 push ecx; ret 0_2_00F60A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F5F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00F5F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00FD1C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96689
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001EC873EA6F7 rdtsc 16_2_000001EC873EA6F7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00FADBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB68EE FindFirstFileW,FindClose,0_2_00FB68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00FB698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00FAD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00FAD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FB9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FB979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00FB9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00FB5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F442DE
Source: file.exe, 00000000.00000003.1648117359.0000000001530000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}1E
Source: firefox.exe, 0000000B.00000002.2908143641.0000021ADA102000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2908143641.0000021ADA100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2907676983.000001EC87A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2906779237.000001DB6B4C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000B.00000002.2907181645.0000021ADA013000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000019.00000002.2902877649.000001DB6B1CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW /Lk
Source: firefox.exe, 00000010.00000002.2902061961.000001EC870FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`)
Source: firefox.exe, 0000000B.00000002.2902179511.0000021AD9AAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: firefox.exe, 0000000B.00000002.2908143641.0000021ADA102000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2907676983.000001EC87A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001EC873EA6F7 rdtsc 16_2_000001EC873EA6F7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBEAA2 BlockInput,0_2_00FBEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F72622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F72622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F442DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F64CE8 mov eax, dword ptr fs:[00000030h]0_2_00F64CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00FA0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F72622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F72622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F6083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F609D5 SetUnhandledExceptionFilter,0_2_00F609D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F60C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F60C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00FA1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F82BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00F82BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAB226 SendInput,keybd_event,0_2_00FAB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00FC22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00FA0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00FA1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F60698 cpuid 0_2_00F60698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00FB8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D27A GetUserNameW,0_2_00F9D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00F7BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F442DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00FC1204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00FC1806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire Infrastructure2
Valid Accounts
1
Native API
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
21
Input Capture
2
System Time Discovery
Remote Services1
Archive Collected Data
4
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault AccountsScheduled Task/Job2
Valid Accounts
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol21
Input Capture
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder
1
Extra Window Memory Injection
2
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin Shares3
Clipboard Data
4
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
Valid Accounts
1
DLL Side-Loading
NTDS15
System Information Discovery
Distributed Component Object ModelInput Capture5
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
Access Token Manipulation
1
Extra Window Memory Injection
LSA Secrets131
Security Software Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts112
Process Injection
1
Masquerading
Cached Domain Credentials1
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
Registry Run Keys / Startup Folder
2
Valid Accounts
DCSync3
Process Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Virtualization/Sandbox Evasion
Proc Filesystem1
Application Window Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
Access Token Manipulation
/etc/passwd and /etc/shadow1
System Owner/User Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron112
Process Injection
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
[Behavior graph: ID 1502496, Sample: file.exe, Startdate: 01/09/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 25% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal | | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
example.org | 0% | Virustotal | | Browse
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse
prod.classify-client.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
services.addons.mozilla.org | 0% | Virustotal | | Browse
prod.detectportal.prod.cloudops.mozgcp.net | 0% | Virustotal | | Browse
prod.balrog.prod.cloudops.mozgcp.net | 0% | Virustotal | | Browse
prod.remote-settings.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
s-part-0029.t-0009.t-msedge.net | 0% | Virustotal | | Browse
sni1gl.wpc.nucdn.net | 0% | Virustotal | | Browse
telemetry-incoming.r53-2.services.mozilla.com | 0% | Virustotal | | Browse
contile.services.mozilla.com | 0% | Virustotal | | Browse
googlehosted.l.googleusercontent.com | 0% | Virustotal | | Browse
prod.ads.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
push.services.mozilla.com | 0% | Virustotal | | Browse
spocs.getpocket.com | 0% | Virustotal | | Browse
us-west1.prod.sumo.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
clients2.googleusercontent.com | 0% | Virustotal | | Browse
detectportal.firefox.com | 0% | Virustotal | | Browse
prod.content-signature-chains.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
content-signature-2.cdn.mozilla.net | 0% | Virustotal | | Browse
support.mozilla.org | 0% | Virustotal | | Browse
firefox.settings.services.mozilla.com | 0% | Virustotal | | Browse
bzib.nelreports.net | 0% | Virustotal | | Browse
ipv4only.arpa | 0% | Virustotal | | Browse
shavar.services.mozilla.com | 0% | Virustotal | | Browse
SourceDetectionScannerLabelLink
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.office.com93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/0/93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000005.00000003.2017629852.0000026796B15000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.2047199286.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2016978013.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815589831.00000267981AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865643818.00000267981AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2043090079.00000267981AE000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tidal.com/93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.2259778293.00000267A38C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2260392487.00000267A38D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1810563886.000002679D012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1799285740.00000267973F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270917016.0000026799FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1766786478.000002679BEC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1757011648.000002679C6F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1806048710.0000026799DEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2267712913.00000267A38E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1764215387.000002679A6CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815425790.0000026798659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2336442758.00000267A60B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2041391122.000002679BFC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1801490866.000002679AAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2253847397.00000267A35DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1770576344.000002679D07C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2267712913.00000267A38D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1770576344.000002679D04F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337598521.00000267A60B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2277248675.0000026799FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2054300838.00000267973F1000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000005.00000003.1757011648.000002679C6C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1773634808.000002679C6C9000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.tsn.caG9firefox.exe, 00000005.00000003.2238899950.00000F91B7680000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://gaana.com/93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1757011648.000002679C6C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1773634808.000002679C6C9000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2053815686.000002679AB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2050622856.0000026795DC3000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
  • URL Reputation: safe
unknown
http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2048383090.000002679B1D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1811791365.000002679B1D3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2048383090.000002679B1D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1811791365.000002679B1D3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://outlook.live.com/mail/compose?isExtension=true93f98136-5cd9-4d23-a169-09b4cf94b0d7.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000005.00000003.2246479849.000002679AD61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2338983164.000002679AD2A000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000B.00000002.2906866989.0000021AD9F00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2902973905.000001EC87340000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2906249219.000001DB6B420000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1502496
Start date and time: 2024-09-01 23:53:04 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal68.evad.winEXE@75/346@52/24
EGA Information:
  • Successful, ratio: 40%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 38
  • Number of non-executed functions: 309
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 64.233.184.84, 13.107.42.16, 142.250.186.142, 204.79.197.239, 13.107.21.239, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.130, 2.23.209.133, 2.23.209.187, 2.23.209.182, 2.23.209.149, 142.250.186.131, 172.217.18.99, 93.184.221.240, 192.229.221.95, 2.18.121.73, 2.18.121.79, 142.250.185.174, 216.58.206.78, 173.194.76.84, 54.244.114.242, 52.11.251.113, 35.81.254.255, 142.250.185.106, 142.250.186.138, 142.251.41.3, 142.251.35.163, 142.250.65.163
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, safebrowsing.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edg
  • Execution Graph export aborted for target firefox.exe, PID 4208 because there are no executed function
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
17:54:54 | API Interceptor | 1x Sleep call for process: firefox.exe modified
22:54:03 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
22:54:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):7610
                                                              Entropy (8bit):5.164239957536755
                                                              Encrypted:false
                                                              SSDEEP:192:CjMXJl+cbhbVbTbfbRbObtbyEl7nkrdJA6WnSrDtTJd/SkDrZY:CYOcNhnzFSJErYBnSrDhJd/TY
                                                              MD5:B4E3FB84D7D7F7D9E7B46A52DD775FAE
                                                              SHA1:55D0F268D7BD9E20A3D8610DA086E7C4F6666B83
                                                              SHA-256:EC0CD275F947125DE90A99273128EE5C5925B103B05BEA8A7BEC72C388792734
                                                              SHA-512:7DA6CF1B3E1C005CF2AE0B3B5A72764C866F01A3B2E981A81F3875D2D4C93E64E63831E2D6BD91244F3AEEDA574126154AD2C5727CB800C835D694FDB27BF232
                                                              Malicious:false
                                                              Preview:{"type":"uninstall","id":"12df79fd-5566-4227-a39f-b2e696a09ba8","creationDate":"2024-09-01T23:36:36.088Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):8090
                                                              Entropy (8bit):5.815442688343646
                                                              Encrypted:false
                                                              SSDEEP:192:asNArHDqKeiRUl1QrkJB6qRAq1k8SPxVLZ7VTiq:asNAXrYKoJB6q3QxVNZTiq
                                                              MD5:1248198E27164084F8DC57D5BD846897
                                                              SHA1:0D2B2C354243771CFDF378E22989BD2D21B9C6AC
                                                              SHA-256:7B0462CCCC7B8E1550567A7B8C3591689A2C467A77A2FB2EE3EA62D8CEC32240
                                                              SHA-512:B8E1488F8AA4017D85E240790B5BEFA9AB5379AB69702769EEE9913534CC38B2CC6AB3A9B10F747766F06A6498A02309AABCD5E45F7E4738F4F55421D95DD5FA
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25051
                                                              Entropy (8bit):6.030816051082413
                                                              Encrypted:false
                                                              SSDEEP:768:FMGQ7FCYXGIgtDAWtJ4c1suZTgOUjWcJnh02tdL:FMGQ5XMBP1v2Rhj
                                                              MD5:D38C88BC47561CA16F0C28E206A2E553
                                                              SHA1:21D0781E21E85C2DDA2EB5C0B660190E210B47C9
                                                              SHA-256:D39FDCF1F49192A5BCDAC4C25E61BE2422DDE3EB3BBC8FC57FB267600A4CDFF9
                                                              SHA-512:88388DAB5173738BA9CDA6E01A0BA0895E110B970C0E215225AF4BD8F35EECC7A4B7C93F0DB84EF953B988A88D5E631B7F1350C5EFA23631912033FB8D56299E
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25051
                                                              Entropy (8bit):6.030798702934176
                                                              Encrypted:false
                                                              SSDEEP:768:FMGQ7FCYXGIgtDAWtJ4c1suZTgOUrcJnh02tdL:FMGQ5XMBP1v22j
                                                              MD5:188BEA400706E37B2C4F80DD435B6597
                                                              SHA1:97BF1B29211E6267A79754ABC9155E5FCE765129
                                                              SHA-256:0B97C8BB5D3437106DC290B88768F6D2DBA20ACC85F848C3D6F04ECFB4A8F2C0
                                                              SHA-512:726476AEE9295E1B0A51169D81503339B50499672D9FAAAF4A2D282927CFBF28509901E72E5BDF1B227CABF01E35E156BA1A1ADCDD7BDD441A5C092C7EABE2ED
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8321
                                                              Entropy (8bit):5.7899548563612875
                                                              Encrypted:false
                                                              SSDEEP:192:fsNwrHDqKeiRUwAj/kJU6qRAq1k8SPxVLZ7VTiQ:fsNwXrxWcJU6q3QxVNZTiQ
                                                              MD5:11E8853AAB002466408CE4890CB12913
                                                              SHA1:2FB98FCC3A1F38EDC6B91E1422BDA39AA4C9893A
                                                              SHA-256:076FFAE0C8273C2D6469D21600E2BC380DC9E57A0125E2B24E48A7B85551A6F5
                                                              SHA-512:C24F23A937970EEAF309A0826705869D4287062B6420E287202D4256D4F781EFF93BAB074829E755AF26E1E1F38A285523B58225037A536FB1ED29D6CE2A7268
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8239
                                                              Entropy (8bit):5.795963474843739
                                                              Encrypted:false
                                                              SSDEEP:192:fsNArHDqKeiRUpAj/kJU6qRAq1k8SPxVLZ7VTiQ:fsNAXraWcJU6q3QxVNZTiQ
                                                              MD5:402463971C77ACE6449B71C32128096B
                                                              SHA1:ECA03231FFA95B14756B42F99FBA61FB6AFF19A5
                                                              SHA-256:6C54636278144616CF10E6184C8A9D8523A0128FE4900F95AC6ECF2C4CEC7EFC
                                                              SHA-512:7398CE5727F52C97643C07B2A312F6945D8296B338F4C6C2C1A2F34E972AE638567940D15910B2D4DB512E474C1771080FB49617555C993BA45F52C7109188EF
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):23965
                                                              Entropy (8bit):6.049422878294457
                                                              Encrypted:false
                                                              SSDEEP:384:PtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhGu/HRGPXoJZ0+Mh0lkdHd5qN:FMGQ7FCYXGIgtDAWtJ4n1suZGvoJZUhQ
                                                              MD5:65F6CF3406ADB8880FB1E204A5517ED7
                                                              SHA1:D1B6EC20D450E1E5F5C0ED1D0DB65EA2E7DCB580
                                                              SHA-256:0687B0BC3741303DE8A0110727022DBF491AD08216E3039EF59E1CEB4FD66B48
                                                              SHA-512:FCD0924DCF745031F75205B7F7457484E4CE73DCA7D00F0107E14819B158D6B71E62F3C2B3758116F2D76B1AE622AD19DCB9416D7AC386C64FA5B10865EDB5E0
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640136267101608
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
                                                              MD5:46EC1899F11FE2F524F4A0ED857B2BF7
                                                              SHA1:830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
                                                              SHA-256:07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
                                                              SHA-512:5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.039621156521287434
                                                              Encrypted:false
                                                              SSDEEP:192:4601utmqvDzKX7AJ8iD12absbZHtgbXGh8IYhHBNELi/cRQMcakXn8y08Tcm2RGY:J0EtFlWChhhxQfkX08T2RGOD
                                                              MD5:B14B865EF7A3129F0F2BA5B8707DFC90
                                                              SHA1:AADD39173D557EBF3A792E3EB9541FFB6693D589
                                                              SHA-256:B27E2DD2B4D968B8CEA5F0220731B2D6E0F219FE0253EEF0BF821A78925B00C3
                                                              SHA-512:D4CA678227818F63E86707DC8DA2423C13191E24315D72D8BE2DFEC79192DAB104A44BE394481951865B8B45187A6A7A625DC68B98963AC1CDAD1DD692745773
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.4689736806010411
                                                              Encrypted:false
                                                              SSDEEP:6144:IIuVLiu/3mlaaHXGwS4I6bqST9CPIaHJG:ULml5Hgz
                                                              MD5:C6E9D8FF3C9441379E83FC2C01B6B7E2
                                                              SHA1:346D19066427706276CA3B584EEFC2BC9F922940
                                                              SHA-256:8AE4C50B6D3A15D8C326C6063BB8319131EC75F9FFD10B4FF17ED8955227E19B
                                                              SHA-512:3F9A4C254DFEBDD515BB37126C598B335EC076B8C08277458D2072FAE478376810C24AA38BD1ADB7BDA02E606F81FA383A196C67698778FDF4560314EFED73DC
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.04070882194238602
                                                              Encrypted:false
                                                              SSDEEP:192:yj0EbtmqvDtKX7BJEa3XxxTxqZ/g+XH970R6Eqh57Ng3R21gQMeQnen8y08Tcm2D:G0EtWeK8YWFhxYSgiQe08T2RGOD
                                                              MD5:51AE284EC304ACA06DBA844B3F78E63B
                                                              SHA1:63BDA7C82D49DC031F55B1DC449C0CC470984CA2
                                                              SHA-256:4B38B290252B54B0F09C4CE654A676C82A809CF5E4554B024885C25A2C272B80
                                                              SHA-512:01FB3E74C3A2FAFE3E1D5E8415E076FBF7B5763F6EFBF3FEAAA390DCD512D036896EE1DFE986A8C775BC6E1E297A635488977D9570B4C05732FAD6644424F3F4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.03957958686704912
                                                              Encrypted:false
                                                              SSDEEP:192:Sp0EbtmqvDKKX2JLMo4sPqpRX/gg4rfh9rNE1Oeu1gQsHubwcn8y08Tcm2RGOdB:U0Etq4osfmhFy6gbut08T2RGOD
                                                              MD5:1830484A963531E9E0345F90CADB5776
                                                              SHA1:459211DB669EF91C7A5008AD5BA2A84FF1B250A5
                                                              SHA-256:C5D0064A5E42C41FE4FA1EF1B22D8ABA04DE1550FBDAD270DE8DFD595D009741
                                                              SHA-512:9551C6F0E91AC4D31E448091F7CEE18E695A466F62966AD06BB1DAD8FC58AA016FD2BAD778FA6B130B7398A81C6EC35E3A80621D57C9FB30FA2D4F041BA7AB8C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.3553968406659012
                                                              Encrypted:false
                                                              SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                              MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                              SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                              SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                              SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):280
                                                              Entropy (8bit):3.060980776278344
                                                              Encrypted:false
                                                              SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                              MD5:74B32A83C9311607EB525C6E23854EE0
                                                              SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                              SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                              SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13577
                                                              Entropy (8bit):5.2367618603244805
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZiuaba4uyTJOuvjCp3rVTlmPMYl3x8epj+FhsQABZg1f:sVtLAJuQJOubSVx+lpUOQ88
                                                              MD5:F44466C2A6DE583F2EDDDF4F2D71F57E
                                                              SHA1:7F44067CF068FB03B9C7B38919DCDB948818F634
                                                              SHA-256:EDA49985DFC93139A6E7416DC52C3BF0C8CA98DB45A741E0C858C47D8EB913F8
                                                              SHA-512:CB9C376D487DA28C5D33D08773EEA65638C1CDBC46A1FCD3F127532A95739214F713BAA349F616AA6E52E512D8B965783EB53C77DB85EE475144F96D06EE5222
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13687
                                                              Entropy (8bit):5.235166175875884
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZiuaba4uyTJOuvjCp3rVTlmPMYl3x8epj+FhsQAoZg1f:sVtLAJuQJOubSVx+lpUOQ58
                                                              MD5:FF69638C265FAD71E9D28B0BAD30154C
                                                              SHA1:76B76B26D1D669F45904FF8C38C4A57D8997965E
                                                              SHA-256:3BC0DF6D7D8614AAA47548713D2F813415432E629ABA3608F940FCB2822ABADE
                                                              SHA-512:51DDF7F070CD73B2FA9FD3AB77F5905FD6FC767226A48949912222D7C704F22ABCEAC1C3470783A5FAC1FF653A073DDEE19B8D860FEDC2FC9768F2A556A3A933
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13649
                                                              Entropy (8bit):5.235839370220235
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZiuaba4uyTJOuvjCp3rVTlmPMYl3x8epj+FhsQAeZg1f:sVtLAJuQJOubSVx+lpUOQ38
                                                              MD5:7B00F83614108262FD0550B456FF5F2F
                                                              SHA1:E1DE020E64FDC8C4A92618DE297EDE82F0FCB45C
                                                              SHA-256:57F23456332BFE105DC7F77B31AD77D5B1A3B26C622802156D06282E80D1A804
                                                              SHA-512:8342CDFF59F632F6297D69A13E34FEA6F6AEBDA27314CF784DA5F05D6F909492315C6C744D2A19E6EFE0AF62EF1B6C8348EB71EA0BC75C724F1E17C82D1A909F
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):34462
                                                              Entropy (8bit):5.558406850678408
                                                              Encrypted:false
                                                              SSDEEP:768:Xdwi/zWPXffkt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVETfVSrwv78DdKpKtuj:Xdwi/zWPXffktu1jaRLVXv7WTtc
                                                              MD5:93C43FC49D638E5D0E1F412A9FFADB77
                                                              SHA1:0D9E6919A8E328B52CF4CEADCC687F05B88DFD26
                                                              SHA-256:36F2A8152EE83F78561F68FC4D63A0CF5E6FB2B09EB0334CA591BA7786B224DD
                                                              SHA-512:1E3CF525AB97A3609C835C7C9AE190C88A45EA02CBB01E995EC1A884BF73AE317144C3F9319539A59CFDF32FCFB016FE5D2EC9AE370182E5ADCD273116BADA85
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369701234033197","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369701234033197","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12922
                                                              Entropy (8bit):5.161234192084586
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZiuaba4uyTJOuvjCp3rdYl3x8epj+FhsQAOZg1f:sVtLAJuQJOubSGpUOQb8
                                                              MD5:317A27BB93446D57A8FCB7D0754DCBEE
                                                              SHA1:849E2249221AB8B0D30FB30C1F630E4CE1A763C8
                                                              SHA-256:8387B5004E1D0C634BA98015AC923D94D6054D2E362E2D39D8D096B7C4CEC8BE
                                                              SHA-512:1FE65FE5A64D8A12C4D4BD5AA98551E6AC067B9A4D4014718EEFF76BF02794CDCA61FA15B4F51BE10B962BF62F6FA04E1F99DC698DBB2DF5A84B29EE4D55858C
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12314
                                                              Entropy (8bit):5.0723590383449695
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZigaba4uyTJOuvjaYl3x8epj+FhsQAOZg1f:sVtLA3uQJOubTpUOQb8
                                                              MD5:D706CAB635AAFB944909CC5F17D61CA5
                                                              SHA1:E159D8524DD5F3A0BDB2CF073EE8529B4AF79AD1
                                                              SHA-256:D508F37EA98FD6664848C8FE5F773A4CB234FC4FA18C04E417779AACA9C11D9A
                                                              SHA-512:0C1FCE4626A0231C4582B48BFFDD25ACC7B3B29EF87DEE6949DBC8D573391B55E73DC32EB6011E2D4140139281CB5A517BE2382D75514DB56696E95C334E2C85
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):39660
                                                              Entropy (8bit):5.5623905967224845
                                                              Encrypted:false
                                                              SSDEEP:768:Xdwi8b7pLGLvFzWPXffjt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVp0cTfVSrwv7zDJ:Xdwi8tcvFzWPXffjtu1jaY0cLVXv7NTH
                                                              MD5:0189263F325A5909754BB7A44D8F32C5
                                                              SHA1:C0BBCF900D351BCA2F909EBD11393356EB8C01B4
                                                              SHA-256:18990E61F78A6965DB352C504A6FAC52B223EEEBBCF7F7BB823BCF58F6F0212B
                                                              SHA-512:BB4B38623D51886DD9C5042E2F8F3C62A95C1757038BA1C71E731B397F1BC5C5634B5455789D925A127F16DC13FBF611857A663D835EBABEADB3E962E2BF3446
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369701234033197","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369701234033197","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):1695826
                                                              Entropy (8bit):5.041135168320089
                                                              Encrypted:false
                                                              SSDEEP:24576:RPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:RPfZ/mS5
                                                              MD5:22D20437DC7669E316A605B678BB97C7
                                                              SHA1:C31C4DB80EBCAB445175FC7CC57979E6B2EC0E7D
                                                              SHA-256:0885A07785F3B0295778F4C08FFD9EF0521226C6577F4DEABEBF825777D7D72E
                                                              SHA-512:69CC5AC2FED57F4835555E89747A1267D0CD9FA3086A5B89AEF7F16B5AFE29BBEF539EEEDF32B3BFE2803D88100621600AAFDE5C775F0A4EF2A247B425571E08
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.b...................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13369701239905763.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]..9..................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13369701239910890.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):293
                                                              Entropy (8bit):5.146346257006238
                                                              Encrypted:false
                                                              SSDEEP:6:PVSv1wkn23oH+Tcwt9Eh1ZB2KLllVrL+q2Pwkn23oH+Tcwt9Eh1tIFUv:PgefYeb9Eh1ZFLnd+vYfYeb9Eh16FUv
                                                              MD5:541594BDB8BB26669AC911C3D1CBFBA7
                                                              SHA1:0C22C7EE68ABF17016509DE9476243503B66E71A
                                                              SHA-256:2C15FD2AA1135A66A70DAE9C2A12FE35289650C0CA0867B8B2CC2BCA7B32A9B0
                                                              SHA-512:A7EFFC723037EEF488B037AB50E93684C1A2073469D0605A795F594137D85413CB89619A2C26062D1F160C8DAC7CACF241BAB45E82A5CCAF3345BCE1D32FFD1F
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:58.692 20cc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/01-17:53:58.734 20cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):0.3202460253800455
                                                              Encrypted:false
                                                              SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                              MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                              SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                              SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                              SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.4649591500134628
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjO:TouQq3qh7z3bY2LNW9WMcUvB8
                                                              MD5:0233C795F128CF1428DD4DE4B72E8AE5
                                                              SHA1:7DAD61990351B693F4E717DB9302436E4F7E063D
                                                              SHA-256:A78630A1CF7AA3EC249FB897A235F0B952AED3B34AFE8142B6584DB35C8930AB
                                                              SHA-512:8D7DA7B41A99B10DC1BAC8E44FDBD02A90729A2DDCC795CBF5427CFBB918217418495F02FE04F7EC50C5427B4A0159F50895B5C5ADFB39715CDE0B1345424782
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlzQK:Ls3U
                                                              MD5:0E0F7FDDC3CD4CCF663D86E025F1E811
                                                              SHA1:434695CA714A67265131EC0E58C3D0E6B3391C21
                                                              SHA-256:08ED4F2EA6D5464B37C28B6A855181F7C9E4F27E2476C9654CDF15A21134DCDA
                                                              SHA-512:EF92BA8992F9E1474AE5C7C239F3BAE4B366941B6E31E3AF9F29A773465AA8D7649359D682F16969AD4EC2D4C3F2AAE5DF45C52ACC6E91B851584460F52AF2A0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):3.5394429593752084
                                                              Encrypted:false
                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):305
                                                              Entropy (8bit):5.231087581675708
                                                              Encrypted:false
                                                              SSDEEP:6:PVY3hq1wkn23oH+TcwtnG2tbB2KLllVnq2Pwkn23oH+TcwtnG2tMsIFUv:Pax1fYebn9VFLnZvYfYebn9GFUv
                                                              MD5:693734DA9D1764FD54541FB125B77089
                                                              SHA1:C161096DA2814DD4C2A475277C9FF98C0FE0EAD6
                                                              SHA-256:33D3A2FAD5E9E0CBABBCA93E5AE7211FA1F67FA4AC623E94C63C395E8030881D
                                                              SHA-512:49976D30635A943A35F7BF125D36709947C7CD6478EC3B29ACD1703B31CB1F4126E731E59E2B4840896C5B097DEBF52FF1B9617C286FC6D3FC3EEA07B33338E9
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.344 1d60 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/01-17:53:54.352 1d60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.494709561094235
                                                              Encrypted:false
                                                              SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                              MD5:CF7760533536E2AF66EA68BC3561B74D
                                                              SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                              SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                              SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6141348331821143
                                                              Encrypted:false
                                                              SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jMWFCpA7WXmL:Te8D4jJ/6Up+7
                                                              MD5:4A94FAB747E79DE35F4C77D0B7AED14E
                                                              SHA1:45A221FC31B18537CBA37725D5B67895BAC2364C
                                                              SHA-256:8EDE6FBF5D6387D314B8CDE7BF241FFA170BF6BF18C7472BC8D9C00397F7B093
                                                              SHA-512:F6B5BA5F97B1968D41385038C22FE20D19D578645AFC5BB27425B1E5008DC0E19A4FB31C3471F459B11796B78F21F069B075099913D7A71F0BAECADA05C7E42C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):375520
                                                              Entropy (8bit):5.35411858044668
                                                              Encrypted:false
                                                              SSDEEP:6144:aA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:aFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                              MD5:924320D2AC90C43561796BB6E23D76C7
                                                              SHA1:72C586CF69D7C07CB9F7B2F8F7C4C46840677C1E
                                                              SHA-256:03E0FF74D5D384DCC3D75FA94577F15F7BD056E3B5D69FF65E42205EC537442F
                                                              SHA-512:5A1285F1210AE44B7C03471ABC7CE0186571B746C12D786A1F5F462DB65B72627A1BF918FAA9B3278F66DEE0731FD33A2B4CD51D496D6F672B18AF315F0D02B1
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1..9.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369701240577571..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):309
                                                              Entropy (8bit):5.211473029165189
                                                              Encrypted:false
                                                              SSDEEP:6:PVwMm1wkn23oH+Tcwtk2WwnvB2KLllVJM+q2Pwkn23oH+Tcwtk2WwnvIFUv:P/fYebkxwnvFLnLM+vYfYebkxwnQFUv
                                                              MD5:C4D49A9FE0BC33B52DE9DCFFFD835793
                                                              SHA1:72431BF59A10993878D0C7C196426FCFC06F5F27
                                                              SHA-256:D506712834C864C3C0CE258BDAD7AF568D3D1899A016BE63FA9A2B853EE499D8
                                                              SHA-512:7890DB8F47BED6D4572A2383429C3B61FFDFFBEA0AC6C9474A8B67FE6AC71B2B0DC5116B6CEAAFFE4784798D94731DB35FCF01281F8CFD12465213D18A350AD6
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:58.853 20fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/01-17:53:58.941 20fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):358860
                                                              Entropy (8bit):5.324615737884126
                                                              Encrypted:false
                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R3:C1gAg1zfvv
                                                              MD5:3E5B38B8EB6485130D799DBE3F077C93
                                                              SHA1:0426423651C821B290880F8EBE9BA751B0469642
                                                              SHA-256:FDCD8AB8FEA600873204A396AE4C6B0AF0EF5CF4CDD39D6329EEC1A90EBD3D11
                                                              SHA-512:3976BB0AED7BDE45412BD20531DAF9464149340EDD20698BD6E7D9DB5E0810983E2A8B7939948986BC11EB9BF2A2599CBB402E4E7A14A5D11179A7B8150D247F
                                                              Malicious:false
                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):209
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):281
                                                              Entropy (8bit):5.199183224394321
                                                              Encrypted:false
                                                              SSDEEP:6:PVBg1wkn23oH+Tcwt8aVdg2KLllV3RGFN+q2Pwkn23oH+Tcwt8aPrqIFUv:P3fYeb0Ln6N+vYfYebL3FUv
                                                              MD5:6CBE1567E7059315170AB51AA6FA0677
                                                              SHA1:5D0626F647F3C25531A98C139D9DEC7F445FEA38
                                                              SHA-256:D6724E7C23604DA09C8314D4C4005DD6F50E9F5A8285550F6696049D2756F90D
                                                              SHA-512:07BAF0827C93C782F02973C23A35D46F702848FAC4049FE7C1DDAFEF34ECE124319FECB6622F18349682B7D5F3EDBA39B405BE60E5C73BB832C7239A922FFD97
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.359 1d4c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/01-17:53:54.375 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):209
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):285
                                                              Entropy (8bit):5.210502392721772
                                                              Encrypted:false
                                                              SSDEEP:6:PVuD1wkn23oH+Tcwt86FB2KLllVOFH+q2Pwkn23oH+Tcwt865IFUv:PcyfYeb/FFLncH+vYfYeb/WFUv
                                                              MD5:6EDB3CCF7B1452E894D7B59710634F08
                                                              SHA1:8BE686DC8B903579A8DAAA99BB58762F6B2B7F2F
                                                              SHA-256:038E6D52E67B8BB0E1F44FFD997DF47CB133B023D94AECC1B6B3BC2948A3CC9F
                                                              SHA-512:ABE75C86C113C50632F2242E49AFC96DAFBA1EF2F2CD9252E4A3384FA84CC05ED26096B0D9C3D8E649D657C85CF182DBA8268B6B7E42F61C9B6DE56EF59BB038
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.377 1d4c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/01-17:53:54.386 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1197
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                              MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                              SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                              SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                              SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):322
                                                              Entropy (8bit):5.188904411713965
                                                              Encrypted:false
                                                              SSDEEP:6:PVXTFAFlL+q2Pwkn23oH+Tcwt8NIFUt82VX1T1Zmw+2VXRFoHlLVkwOwkn23oH+y:P3AFIvYfYebpFUt82/T1/+2vOHz5JfYN
                                                              MD5:46AC07A37577AD6DDCAB834F92B6B330
                                                              SHA1:FC4C3E7291DCE3F54567F546ABF884476E404F10
                                                              SHA-256:B07BA27FF65075B43BC49E284A841A684300CE64BB20E3B55C3BBA66B0C76D90
                                                              SHA-512:A6209B26472AAE438C099B4AF8AA1BF0C8A7E5CC131ABECA5FF55C7EEB03C6DBA914A3CDC79E2C490F6FC0261B351185C5DCA432AF6E4AAFB6AB54EA5A00569C
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:55.131 1ce8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-17:53:55.132 1ce8 Recovering log #3.2024/09/01-17:53:55.133 1ce8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):322
                                                              Entropy (8bit):5.188904411713965
                                                              Encrypted:false
                                                              SSDEEP:6:PVXTFAFlL+q2Pwkn23oH+Tcwt8NIFUt82VX1T1Zmw+2VXRFoHlLVkwOwkn23oH+y:P3AFIvYfYebpFUt82/T1/+2vOHz5JfYN
                                                              MD5:46AC07A37577AD6DDCAB834F92B6B330
                                                              SHA1:FC4C3E7291DCE3F54567F546ABF884476E404F10
                                                              SHA-256:B07BA27FF65075B43BC49E284A841A684300CE64BB20E3B55C3BBA66B0C76D90
                                                              SHA-512:A6209B26472AAE438C099B4AF8AA1BF0C8A7E5CC131ABECA5FF55C7EEB03C6DBA914A3CDC79E2C490F6FC0261B351185C5DCA432AF6E4AAFB6AB54EA5A00569C
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:55.131 1ce8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-17:53:55.132 1ce8 Recovering log #3.2024/09/01-17:53:55.133 1ce8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):0.3169096321222068
                                                              Encrypted:false
                                                              SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                              MD5:2554AD7847B0D04963FDAE908DB81074
                                                              SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                              SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                              SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.40981274649195937
                                                              Encrypted:false
                                                              SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                              MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                              SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                              SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                              SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):429
                                                              Entropy (8bit):5.809210454117189
                                                              Encrypted:false
                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                              Malicious:false
                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):2.4446139270621052
                                                              Encrypted:false
                                                              SSDEEP:48:0Bmw6fU1zBP2Ry1KDsK2FS92mhFYbrz1LMpbp+2gjGCHkJ/AztYZIHffNlhlBI8u:0BCyGDFelS9nsH4/AztcauuoKwnXN
                                                              MD5:40AA21995371FE28F4FF68AF5D646F4B
                                                              SHA1:06648DD31B81A3B4F79A36BB8F196E50F0245D82
                                                              SHA-256:C8E85E192DA573C2F6DF3A045ECA9A22ED6A3A959DF3A08B55672B8543BC5B1E
                                                              SHA-512:7D9F6E2D3483CA94A6B1016ADD378FEA1CC70C6FF183121610081BA887172F72EC6F8CB8484BF0D7357445D045C6A6BF9383C16D843A28187DA9E5A601C6ED20
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):159744
                                                              Entropy (8bit):0.6461597057068137
                                                              Encrypted:false
                                                              SSDEEP:96:H+jjRmU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCXX:H+X+GPXBBE3upb0HtTTDxVjwX
                                                              MD5:0EDDBA7D374352CD6C065C7D1BE8CBE0
                                                              SHA1:63D8122C4D05B00EA24DE95540675A0CF992CAAE
                                                              SHA-256:BC5D345E7A34BDCFED73ED55089B4D4CABCCD2DBCEB4D997D54F5A11CB926407
                                                              SHA-512:18853D8E291D8848438DCD30339FC0F06206AF4C3DC7E33BB12A389D884D3A68AC723FFC7559EBB264DA95268FD259FA101C7E5438B5F1DF242C1D42AC6A75F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......'...........E......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.3281731663735024
                                                              Encrypted:false
                                                              SSDEEP:6:sA/J3+t76Y4QZZofU99pO0BYkSqR4EZY4QZvGjjn:9hHQws9LdNZBQZGjj
                                                              MD5:2D32101447112FEC6AD6D62483EBDC25
                                                              SHA1:834FC109E7047418C0199A8F1AE6D20751740DC9
                                                              SHA-256:03DAD299799B73AAA46F5781FF6A270FC3A713BA2A077CEA639D5D47A4CB3091
                                                              SHA-512:A9059441DC6F826AA30867DED4F21A2DEACD414476F8883E388B1B8A5995C8F6478C69340018E842A2A9CB1898509F67AE21130557487257486C95634B37E223
                                                              Malicious:false
                                                              Preview:............FP.....'....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):3.301360174771812
                                                              Encrypted:false
                                                              SSDEEP:384:qj9P0BgQkQerkgam6IScY773pLtP/Kbt1hRRKToaAu:qd+ge2bFY7nP/S/RKcC
                                                              MD5:AF7C6C9E49F8A6D169EB3CD614B970B7
                                                              SHA1:EA5592A34EC22DF4C4792E701830FDB02BCC2440
                                                              SHA-256:2A2821E1C2D2470F22CD00F00BE00179FCD7A6756782E55B7A52CB487FDF1E26
                                                              SHA-512:5CC0999D6CEC562BCFBE706FE3047D5D12D2C3821C7BFD3C8AAD41D97BD1B3327E28D4BE6309FF99E61032C25DBFD645CDC0E44D454190DC5BB424201F70739D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):406
                                                              Entropy (8bit):5.247924586841726
                                                              Encrypted:false
                                                              SSDEEP:12:P8IvYfYeb8rcHEZrELFUt82l/+235JfYeb8rcHEZrEZSJ:xYfYeb8nZrExg8sJfYeb8nZrEZe
                                                              MD5:499BB6A209DF90B2AF085C1E8077D064
                                                              SHA1:B2E5DC496612FC421199ECD37141DDFE99E80232
                                                              SHA-256:C68AD9AD873A894E5A10DA845514607097DE900108CD7D263171AEEDBED728D0
                                                              SHA-512:FC12AFC51C8B792BF5A319C8EC4F03D3534DDE6F56F0D1B792E5CB8E3B61DC8C0A3DD6EEED8D7367F3CF2737A1652D54759D4B65AB06EDD64BE03A3294712AA8
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:57.021 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/01-17:53:57.022 1ce0 Recovering log #3.2024/09/01-17:53:57.022 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):334
                                                              Entropy (8bit):5.199982576987771
                                                              Encrypted:false
                                                              SSDEEP:6:PV5Gq2Pwkn23oH+Tcwt8a2jMGIFUt82VW/Zmw+2VZFzkwOwkn23oH+Tcwt8a2jM4:PavYfYeb8EFUt82M//+2vF5JfYeb8bJ
                                                              MD5:BED15B7E1EF173C70A1A1323B358B4AA
                                                              SHA1:F7DA7259D334D004E876AACF2D38F962FB166CBF
                                                              SHA-256:0B705D62022B7A6C99B6455FFD3B3EA7E4BAF971F2F5E90F81178A9BE44EA5E4
                                                              SHA-512:2C6BE234DBBA003582DB2730817D4D3C34FA45FCE1D401C52C5765E68A0DE5930742469FDC4BB1FDC8F0524D62D9AE677F2B281E24F0ED2FB7F8A0CFAF6298EE
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.883 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/01-17:53:54.884 1e50 Recovering log #3.2024/09/01-17:53:54.887 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):57344
                                                              Entropy (8bit):0.863060653641558
                                                              Encrypted:false
                                                              SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                              MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                              SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                              SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                              SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):45056
                                                              Entropy (8bit):0.40293591932113104
                                                              Encrypted:false
                                                              SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                              MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                              SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                              SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                              SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2271
                                                              Entropy (8bit):5.260965763770143
                                                              Encrypted:false
                                                              SSDEEP:48:YXspx8sYtfcdslWC5sVgsErsJ/gnsj+HssCbJYsH+HXCbZ:nSQdckX4G1n4y1
                                                              MD5:53C088EDB2D77308E4EDB459EC5E6AE6
                                                              SHA1:A91E112B3082A7F735045C3DC1784484E3446641
                                                              SHA-256:88F7801D646726511FE8618B1D6292657F22F7F8F9494630F95D76CE32735F66
                                                              SHA-512:469C3ED1C50FE370781C6BFBDAA816257F914937825E95A68FE8C1079B7FFE931254FC7B54D2DFDF26B13648FE6A1ADBAE6549555A91FD302E5B9B8291BDB311
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372293238338451","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372293239908421","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369794840084136","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372293240555460","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpn
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.0854090514184227
                                                              Encrypted:false
                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8Bm1s70DLWXldaebNOFyPr:ige+Aumy7DLr
                                                              MD5:C8E0F773F639C38DEA02FAFD4B158C7A
                                                              SHA1:344FCCCE958B2D54D51007FEC896B6EEA475CC0A
                                                              SHA-256:1D4E9E0400A852C2A0FA971D0E366A7C70C37C87AE1243C23B5CB3A0817CA805
                                                              SHA-512:AF6E200D27E39EDCA0219E9C4B38593499C90378AE594A58596D5CE55E1BBE3DC2F29A4FE104F783CAEB00989494218FA0799F82137DFD678E7F0B8412206C95
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):1.330497477587211
                                                              Encrypted:false
                                                              SSDEEP:96:uIEumQv8m1ccnvS6xDo2dQF2YQ9UZn16RVkI:uIEumQv8m1ccnvS6C282rUZnUd
                                                              MD5:F024F0F8CF0E1F0FCD5B6E38AB878121
                                                              SHA1:2F411866A6FF0E1BA1DEDBE4C67EAE0F15B8E79D
                                                              SHA-256:7553F35587B88F7BF4407B178B1C38BD3787EBCDE18DA3C5D1C5D714CB1F496F
                                                              SHA-512:5113589E848C0AB55780800853766864FB2BCB20B0A00CA11B73337644B88C7BFA95A346FBBA38898160CC33DB29FDDB04BCE6B02587D5048BAF746682152A95
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.36515621748816035
                                                              Encrypted:false
                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):355
                                                              Entropy (8bit):5.474445158528212
                                                              Encrypted:false
                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcuUh/8Bv31dB8wXwlmUUAnIMp5iTjb6:YWyX5Sg9vt+UAnIQcuUCR7N+UAnI/1Q
                                                              MD5:0438D8135844BED0CE201AD9C881B35D
                                                              SHA1:28BFA0454ADF7AFA338E758C9ACA5DAAFF13255C
                                                              SHA-256:86C3E3342B8FEAC76D414F2696647DD636F0F4487B7CFEE4461AEF534AE00DCC
                                                              SHA-512:AC3DD25F743330693B98E23942FF6E4C51A5D4B02294D70E3C48039A6429A79ED0433AF0BDB91F77C2DE718B29E6B984043E0828CA0078E1CAC48D047D031B84
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756763646.283507,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725227646.283511}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):355
                                                              Entropy (8bit):5.461834478392565
                                                              Encrypted:false
                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcugQ6RTBv31dB8wXwlmUUAnIMp5yQ2+:YWyX5Sg9vt+UAnIQcuVAR7N+UAnIWMQ
                                                              MD5:B0736D9FF97AC28F48E942EDFF971C81
                                                              SHA1:4F0B3340B914CA0C070C9E3F6AE09033DDE9BB93
                                                              SHA-256:65A14E1B238E1547A06DFE3B6006539131E54B93070198715960998A6D7B22C5
                                                              SHA-512:5DDF2D239C5FD2BA4FB20F6C0053335D79DC734E81016DF4E6E3E2F070271B409F58EB443E23369662ADCF04A8AA7B98013F9B7B8F68D18A0F9326498608F031
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756763706.892505,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725227706.892509}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5744102022039023
                                                              Encrypted:false
                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                              MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                              SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                              SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                              SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12314
                                                              Entropy (8bit):5.0723590383449695
                                                              Encrypted:false
                                                              SSDEEP:192:sVtJ9pQTryZigaba4uyTJOuvjaYl3x8epj+FhsQAOZg1f:sVtLA3uQJOubTpUOQb8
                                                              MD5:D706CAB635AAFB944909CC5F17D61CA5
                                                              SHA1:E159D8524DD5F3A0BDB2CF073EE8529B4AF79AD1
                                                              SHA-256:D508F37EA98FD6664848C8FE5F773A4CB234FC4FA18C04E417779AACA9C11D9A
                                                              SHA-512:0C1FCE4626A0231C4582B48BFFDD25ACC7B3B29EF87DEE6949DBC8D573391B55E73DC32EB6011E2D4140139281CB5A517BE2382D75514DB56696E95C334E2C85
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369701234940959","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):4.051821770808046
                                                              Encrypted:false
                                                              SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                              MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                              SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                              SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                              SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                              Malicious:false
                                                              Preview:{"preferred_apps":[],"version":1}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):34462
                                                              Entropy (8bit):5.558406850678408
                                                              Encrypted:false
                                                              SSDEEP:768:Xdwi/zWPXffkt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVETfVSrwv78DdKpKtuj:Xdwi/zWPXffktu1jaRLVXv7WTtc
                                                              MD5:93C43FC49D638E5D0E1F412A9FFADB77
                                                              SHA1:0D9E6919A8E328B52CF4CEADCC687F05B88DFD26
                                                              SHA-256:36F2A8152EE83F78561F68FC4D63A0CF5E6FB2B09EB0334CA591BA7786B224DD
                                                              SHA-512:1E3CF525AB97A3609C835C7C9AE190C88A45EA02CBB01E995EC1A884BF73AE317144C3F9319539A59CFDF32FCFB016FE5D2EC9AE370182E5ADCD273116BADA85
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369701234033197","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369701234033197","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):364
                                                              Entropy (8bit):3.9973876755310958
                                                              Encrypted:false
                                                              SSDEEP:6:S85aEFljljljljljljly/mW/laDoy9hgtT+TNJw+CA5EEE:S+a8ljljljljljljlyJUZ9vy+CA
                                                              MD5:3711104CCCA07C822F706AFC74BAC646
                                                              SHA1:CC2B602EA47EACD38EBCE57857F85D90C02BED03
                                                              SHA-256:47C9F86E78BA69E7E36B83C3CEB11A7E487FFA36A3416AE75D05076827CF222F
                                                              SHA-512:025A9A6088E3B86C6B4DBF76926032F997B4A28EA5A7A51DA5EB95CDFE607C15B8E80461293A7518B2204965484FC615664DE297BCBC59BAC148F1C3B7138263
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................bj................next-map-id.1.Knamespace-c5db7e69_0c99_491c_94bc_cca011aaaea3-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):322
                                                              Entropy (8bit):5.142576963014779
                                                              Encrypted:false
                                                              SSDEEP:6:PVXARq2Pwkn23oH+TcwtrQMxIFUt82VXRZmw+2VXqgzkwOwkn23oH+TcwtrQMFLJ:PAvYfYebCFUt82b/+25z5JfYebtJ
                                                              MD5:839A62DA352EE58CC7A5F7EA000FD9A0
                                                              SHA1:5880E946D6B7A4DCEDA4432E2461C6B958868286
                                                              SHA-256:92F1BB0659E7AA4B961432899E4DD50B5F67AEC0F8911C1C406C36ABFF5ECD15
                                                              SHA-512:5BF9EF1CC7E730ACBDC9AA0B2169A394B9180ACFBF1759E8ACB487C5D8F6E593E2736FC2A42F7A33DD6EC7E823D84390C1344C75A0A861B69215F8AB9A3D742F
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:55.156 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/01-17:53:55.169 1e50 Recovering log #3.2024/09/01-17:53:55.172 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):7437
                                                              Entropy (8bit):4.032357507474305
                                                              Encrypted:false
                                                              SSDEEP:96:3YXBNQ6nPDjfxUNAQ6nPDjff9ehriQ6nPDjfcb01:3YXb3PDjZUNA3PDjX9eA3PDjUb8
                                                              MD5:B0145D6816E9116B481CED262D029EFB
                                                              SHA1:41618371721933C8FE9FEBCEFCC5E2787EEA1D77
                                                              SHA-256:559E5CDB18EC829BD1956FBEC30F21BB85FD97DEAED4ACEB06B0AD2DBEFC2B84
                                                              SHA-512:451A54AE3B2DDC63886639AA2411971511E77F27BC54EDF7ADC5CFA732E0F8314800533EBED2328E6F9EC8BCA0103EF40DA83072A478F03FA1246C40F71A6DD3
                                                              Malicious:false
                                                              Preview:SNSS................................"........................................................!.............................................1..,.......$...c5db7e69_0c99_491c_94bc_cca011aaaea3......................-T...................................................................5..0.......&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.....................................................................<...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rDebiavCUrAxaQ4GRRf08okfGUhFylIoMz7lh0DgqEakkyFVHVKJwQslGdraN66YvVHz9P&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1362863741%3A1725227640132363&ddm=0....S.i.g.n. .i.n. .-. .G.o.o.g.l.e. .A.c.c.o.u.n.t.s...D...@...!...8.......................................................................................................!......!..................................H...................................................<...h.t.t
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.44194574462308833
                                                              Encrypted:false
                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):350
                                                              Entropy (8bit):5.203354319914576
                                                              Encrypted:false
                                                              SSDEEP:6:PVfy4q2Pwkn23oH+Tcwt7Uh2ghZIFUt82VZNJZmw+2VXyDkwOwkn23oH+Tcwt7UT:Po4vYfYebIhHh2FUt82/NJ/+2sD5JfYz
                                                              MD5:11D39F407ED672A35FD1D790218F925C
                                                              SHA1:F7597F9DC98A8215DFD291EA88C1E1FDD48C11CC
                                                              SHA-256:21300E9C01650313CBB60936DFDCB57A72EE2497E4E05487550AE416475EB091
                                                              SHA-512:1A529FA0A880A9C94E9A6204C7A1246F518112B5EBCAE737A6A63B742ECAD973BDA4F8C58AABBF5C115A31A9186EEB5F71D51E9CAC425F1F9BF1C3FD22F9795E
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.291 1d64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-17:53:54.292 1d64 Recovering log #3.2024/09/01-17:53:54.422 1d64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):350
                                                              Entropy (8bit):5.203354319914576
                                                              Encrypted:false
                                                              SSDEEP:6:PVfy4q2Pwkn23oH+Tcwt7Uh2ghZIFUt82VZNJZmw+2VXyDkwOwkn23oH+Tcwt7UT:Po4vYfYebIhHh2FUt82/NJ/+2sD5JfYz
                                                              MD5:11D39F407ED672A35FD1D790218F925C
                                                              SHA1:F7597F9DC98A8215DFD291EA88C1E1FDD48C11CC
                                                              SHA-256:21300E9C01650313CBB60936DFDCB57A72EE2497E4E05487550AE416475EB091
                                                              SHA-512:1A529FA0A880A9C94E9A6204C7A1246F518112B5EBCAE737A6A63B742ECAD973BDA4F8C58AABBF5C115A31A9186EEB5F71D51E9CAC425F1F9BF1C3FD22F9795E
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.291 1d64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-17:53:54.292 1d64 Recovering log #3.2024/09/01-17:53:54.422 1d64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):524656
                                                              Entropy (8bit):5.027445846313988E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsulgAJ:LsA
                                                              MD5:DA01E46AEAFE56EC9F4A4BDAF4FE7BFF
                                                              SHA1:147BC6473047BE40D1DBD35D0B4D8331A8A93894
                                                              SHA-256:708FC0E4F8D87EB378931A4F455721FC97B7936AB901F165574E68701135F5FD
                                                              SHA-512:675361DE8F3B9D6A357757CADB424747B72C356CC0BE4E0F5B81E583214BBC712D8C3506273914E65A1FD93C9D64A31F6646E05240912B88BC3DC2F92C71BE35
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNl/J+:Ls3x
                                                              MD5:592B813EC6A9FDDB1E9A763FE380C7AA
                                                              SHA1:B55883FACDB62D83FA733430F44F8EABDC6589BC
                                                              SHA-256:2E4B13A5DB1D479CFBAB4CBE7C48D0C3EBE74DBD12C9FB560D028E54C2818BF1
                                                              SHA-512:9AF42B4719FBD847722E60A1523CB98EE4638AC21C71152F4D1A9528D0C4818C839E58C5239DB3A4C7A777AB35DB449E169DFF33D11C053BFC4EBAE173A7D76A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):432
                                                              Entropy (8bit):5.255907689868133
                                                              Encrypted:false
                                                              SSDEEP:12:PkvYfYebvqBQFUt82VM/+2u5JfYebvqBvJ:mYfYebvZg8i3JfYebvk
                                                              MD5:A1A582DE7CC51799B442EA07BCA9CC10
                                                              SHA1:44038F0F125FB40B4D9D902ABAE979BCAB830E73
                                                              SHA-256:10FC93680ECCBD7D6966CAB6212A137EA4601E804C184074E299016B4E9385E8
                                                              SHA-512:782C54686D3D9BD7887E9CF4CA0DCAC3148D5407B1649F832577D093B9B2AE5E378D8EB4F851F6A20BAE2E47E445937B9A41C45BA7BE2D74F9BE571039F1D0F1
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:55.181 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-17:53:55.184 1e50 Recovering log #3.2024/09/01-17:53:55.188 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):193
                                                              Entropy (8bit):4.864047146590611
                                                              Encrypted:false
                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.555790634850688
                                                              Encrypted:false
                                                              SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                              MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                              SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                              SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                              SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.36515621748816035
                                                              Encrypted:false
                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):80
                                                              Entropy (8bit):3.4921535629071894
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):420
                                                              Entropy (8bit):5.212926463019596
                                                              Encrypted:false
                                                              SSDEEP:12:PicIvYfYebvqBZFUt82iLX/+2iN75JfYebvqBaJ:KpYfYebvyg8jONtJfYebvL
                                                              MD5:CE6EAA064CE1C25D4D2664F494F04CC1
                                                              SHA1:BB960A17812095A26531B9C3BE1BFE905D1F0430
                                                              SHA-256:FBA96A208FC5A7DE881153BE19007421EDB9021D92F4C1BF30BB209AAE8707FE
                                                              SHA-512:AB236EEC08B0B91BC4D45C54483BB4B5CC838F0DA47BE8A177E0F866318F140781DC17A956719F4DB60CCDCB74834132C48ACDCB3433C29B6C78611A7B5E5404
                                                              Malicious:false
                                                              Preview:2024/09/01-17:54:10.910 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/01-17:54:10.911 1e50 Recovering log #3.2024/09/01-17:54:10.915 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):326
                                                              Entropy (8bit):5.21998915279024
                                                              Encrypted:false
                                                              SSDEEP:6:PVlQVq2Pwkn23oH+TcwtpIFUt82VpgZmw+2VpIkwOwkn23oH+Tcwta/WLJ:PjovYfYebmFUt82o/+2w5JfYebaUJ
                                                              MD5:C63BA53FFDD58F86402E3774CC809579
                                                              SHA1:E08193F811F207AC8B25F12064D9E79EA95201DD
                                                              SHA-256:C4C9D946867E5E28A55395639F884809484B2269238C97DDF1DFAFFB147020CA
                                                              SHA-512:38CC00D400207B48E98C809D03951FCD09AF689EA7CDEF1FB2AE5A99502994F95433D9795891E9DA288A0DD77FFEE5E647AF46C3838C86F47BDCEBCEE9A203A2
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.213 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-17:53:54.214 1d50 Recovering log #3.2024/09/01-17:53:54.214 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.26707851465859517
                                                              Encrypted:false
                                                              SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                              MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                              SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                              SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                              SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005576660978132563
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVx//l/0ou/Imqd/fyE/l:IiVt/bugmmSEt
                                                              MD5:A505AA4BFE56FDB2094FF102BDA5067A
                                                              SHA1:54257832547A145C779CA2DF847E97B973D313E1
                                                              SHA-256:804D38C631985C4F02C7F9B8E97BB036368C9293D4494A77ADF3B697A09FD043
                                                              SHA-512:ADF69D011F97FC926FF394911936F2073273B7B4C5785DD02045743D2A880CCEF9A198B0638FA73E7DE819447C70CB24C0797BEE735C7B3801B5741DE58603ED
                                                              Malicious:false
                                                              Preview:VLnk (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):184320
                                                              Entropy (8bit):1.0673395451121186
                                                              Encrypted:false
                                                              SSDEEP:192:QSqzWMMUfTlnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumY3yn6:QrzWMff5nzkkqtXnTK+hNH+5EVumd
                                                              MD5:039E2A84AB544A63D0F95A04212F0310
                                                              SHA1:D3B34FEB83263B62C27BC74312E2C5B7C974A7BE
                                                              SHA-256:39EA0D79238ADC2F0C5ED761C435DA0CA0C0DBAEF051890DC99259702BB95B11
                                                              SHA-512:9596DEFF1764947DB0941BBDF13DFB15D944B96B6A9D05E61A0176558C9D61D4FF1B7033B4FC481FDB16F08FE97098DC05F7116EDA2801DB3341D66CD4B1E7BC
                                                              Malicious:false
                                                              Preview:SQLite format 3 (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                              Category:dropped
                                                              Size (bytes):14336
                                                              Entropy (8bit):1.4133943091280126
                                                              Encrypted:false
                                                              SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgEa2Ry1KDSPoqD2Ry1KDmxj/:PtSjGhp22iSRVjm
                                                              MD5:964B64ED87D683733D673D990E411B69
                                                              SHA1:35EDC82420C764195EFCC0CC4866DBC448F13C08
                                                              SHA-256:A6F1AFD44B5ED5A63DFCC38CF0E6FE5E8D8DB897CA1AF72590EC6DC98AA41ADE
                                                              SHA-512:8F2EE40AB8D2B1E25C50E0F321508639557630BA35C9829D616DA936FF48A319DCE1E82996D2F0B6C86DAF5C2ADA807E0D1062FC4075CADE14A55FB41D1E4EF4
                                                              Malicious:false
                                                              Preview:SQLite format 3 (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.41235120905181716
                                                              Encrypted:false
                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                              Malicious:false
                                                              Preview:SQLite format 3 (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11755
                                                              Entropy (8bit):5.190465908239046
                                                              Encrypted:false
                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                              Malicious:false
                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):37817
                                                              Entropy (8bit):5.555930594426634
                                                              Encrypted:false
                                                              SSDEEP:768:Xdwi8b7pLGLvFzWPXffjt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVETfVSrwv79DdKE:Xdwi8tcvFzWPXffjtu1jaRLVXv7LTtj
                                                              MD5:7DD2DF21B11BDFC2A616F500B5FE617E
                                                              SHA1:BA6281351860167E2A156F70649C3CA9AB9F467E
                                                              SHA-256:80166D8FFBD1FF0F966405A283AF3088C8CE7D96D7EC736B49C1458C8AC7CA12
                                                              SHA-512:8FEB70B23EB1F0240B51B4DFB437FD62E4FE86284C97398ADD6FC9D9CE805E48C286F77926AE25AFCB908115C31D10802FF6854B51E31151D206C53C83371CB1
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369701234033197","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369701234033197","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.3410017321959524
                                                              Encrypted:false
                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                              Malicious:false
                                                              Preview:SQLite format 3 (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.35226517389931394
                                                              Encrypted:false
                                                              SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                              MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                              SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                              SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                              SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                              Malicious:false
                                                              Preview:SQLite format 3 (binary data)
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.09742358524070115
                                                              Encrypted:false
                                                              SSDEEP:6:G9l/wDMcu9l/wDMcu2V9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vs:CtwDjQtwDjXXFnnnnnnnnnnnnnnpEo
                                                              MD5:8925E5B9509185FFF0E634EFD269783F
                                                              SHA1:457387BCF179F08AA6CA74D67419F0CBB6A0ECDB
                                                              SHA-256:211255E78CF48CA92EB2F0441215D07532FBF10329ADF8770F3C39B4311E8A67
                                                              SHA-512:BBB737142584414885B2549714C916E170BB4877ECCE53A05AA1755A9D75FE0D667B9B32DF7D19C7226845DB8FF7F58FEA0A2731B88763B875DB6A915D264FBD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):296672
                                                              Entropy (8bit):1.0126475212060977
                                                              Encrypted:false
                                                              SSDEEP:192:sOvrluU772b+q0CedqyMe+qdSxPMeZqv6aPMeUJqzdaPMezqlbdaPMeiqPubbdaD:VvrlVHo0IUdVIIjeIvJfwZizkbZMz32
                                                              MD5:B2C210B01930097450EE878B19FD5460
                                                              SHA1:21BAFA94FF4746BEC1DA3ACA70FF0B7DFAC8CA18
                                                              SHA-256:97570A6B0C9502686870D1672594260BD63A8153E36DCBB95154B94E14A41662
                                                              SHA-512:454D6551653FEE87E53B84D5B60AD78FDA2D066DFC52EF672009E91FAFD5CCB8BE0849A528A2AD7E7719897A2FCF0CF4C6294D0A913770AA088379488A095C8F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):250
                                                              Entropy (8bit):3.7048918782369986
                                                              Encrypted:false
                                                              SSDEEP:3:VVXntjQPEnjQgm/ll3seGKT9rcQ6xKOtlTxotlTxotlTxotlTxotlTxotlTxotl:/XntM+Yll3sedhOKOuuuuuu
                                                              MD5:8C5F598B5E7ED06EB94620EA3B910BF5
                                                              SHA1:11F33168B0D47F168E9365D04A1B1E3AA9B6823B
                                                              SHA-256:F7ABA7E3986258F2B3A912FDE4D89AA598FD532FDBF913E4DDF2EF322CE96DC4
                                                              SHA-512:C4C87DFA682DE5591EA2DCD7B2792B73F940FB4961C0A0E0557E55EAE57C527B80E6EA4F8BAC95AFE80B605D516BF1D1D904D94D5A9555185B2E230CE3F9D7FB
                                                              Malicious:false
                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1.q..0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):281
                                                              Entropy (8bit):5.240088662887321
                                                              Encrypted:false
                                                              SSDEEP:6:PVV/wEq1wkn23oH+Tcwtfrl2KLllVVGYZAVq2Pwkn23oH+TcwtfrK+IFUv:P/51fYeb1Ln/d6vYfYeb23FUv
                                                              MD5:641F35C5367622E6BD1C54F93BC7DD60
                                                              SHA1:DEEC5C0F2B68AD5444505EB0D7E6109382EA6BA4
                                                              SHA-256:3E9C8E1A23EE401C8A497E234156BAEBB8CC9F28476D01D2FD2E004D125BC67E
                                                              SHA-512:5E9A693CF44A32DE470F995C103FE5C89444D5824BEB88F2F2493C8837E65A500156907388050F2DAC03911A0403DF993372A40A02679E104F82F6F14313B5DC
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:55.319 1d40 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/01-17:53:55.327 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):617
                                                              Entropy (8bit):3.9325179151892424
                                                              Encrypted:false
                                                              SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                              MD5:AD15D72AA4792C14DDD002CED70E8245
                                                              SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                              SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                              SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                              Malicious:false
                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):299
                                                              Entropy (8bit):5.198468506967136
                                                              Encrypted:false
                                                              SSDEEP:6:PVY7Eq1wkn23oH+Tcwtfrzs52KLllVVxWAVq2Pwkn23oH+TcwtfrzAdIFUv:PD1fYebs9Ln/x1vYfYeb9FUv
                                                              MD5:56D2B46398B12E81B7C1DC5E9946C860
                                                              SHA1:1A31A625B8A415A653CCEC87CFBF9EAD18234B94
                                                              SHA-256:1CC0903ACCE5F469A3C236574479CE76E558760F77B4E2B2D73C85A2B63C6347
                                                              SHA-512:A77E0370C09EEC5C3B52796634DE3BCE9BA5D93DA72D9B810C0A54EB2D85102C5EB02B592024BD2CC3D02711ECF19B0B4039D8733DA17A9830B553D300FB0D40
                                                              Malicious:false
                                                              Preview:2024/09/01-17:53:54.943 1d40 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/01-17:53:55.317 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.47693366977411E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlBB/B:Ls33/B
                                                              MD5:5883750EF293A4CB92BC908BEC904698
                                                              SHA1:75E62B2158B7096FB5775F8B6F905531044BBB22
                                                              SHA-256:80CAEED38CF3D86DE0145718BE6EB975AC3377A8DD849C2BECC952D745B8B286
                                                              SHA-512:88445159C6F95972F53355BE84356C46A5C6EE8462329914528A10E8DD3CF7514AD7DCC2FE6D3CA11E28E037331CA077D314F40EECF896DE74E6EEB8F1F747B3
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNl:Ls3
                                                              MD5:5B9AAF21EBED9D34AAD0F8F8FD11358B
                                                              SHA1:B1B9D7C29E2929EA9A9331919A17C344AF32760F
                                                              SHA-256:10C57B7C5EA3AA44BF0CE5E3CA51806EC3A1B7F4E0FEB176D17E2D752F6D7A6C
                                                              SHA-512:7B909BC45261111F279E05A04D531568C62068693B2F495DF174D35A6C5FEB46F37DB9C753957A7CCF3004229C8DDF1A68F14E71D3EAF7EF912DA4FAC84F8447
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):120
                                                              Entropy (8bit):3.32524464792714
                                                              Encrypted:false
                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                              Malicious:false
                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6820
                                                              Entropy (8bit):5.794520331085626
                                                              Encrypted:false
                                                              SSDEEP:192:akrHDqBeiRUShn6qRAq1k8SPxVLZ7VTiq:akXmVn6q3QxVNZTiq
                                                              MD5:268A732ED131857FC00EA1593352762F
                                                              SHA1:C08E290701815EDDB51AC56A6CA6B3E9A4AF4080
                                                              SHA-256:9C0AF7BD2D44FA7351FDE837FDCA9BCEEB1DB1152F54442FB8B5FE3F70907C9F
                                                              SHA-512:A842CC079072C3FC0AA37226C90495E6EEC51FC3583E8F7A94044E391241336CB14F08475401950F640AA8D533A62DB8B425CA3B1A849225A206E629AFE1985B
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACCuFu2N0lwSpYfoINwzVxKEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACEhSxS+Tti3kh/nkNjblgXsqu4VXY9brQqATum5jnyxQAAAAA
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5963118027796015
                                                              Encrypted:false
                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlCl:Ls3Cl
                                                              MD5:260E9B21FF41D0BC45F91F20E298D071
                                                              SHA1:00B58AEBE4D97309370B7B9737ACAC09A39A39D5
                                                              SHA-256:21A49EF884714C8AD07C9058D0C43E362D6A7A2350536B9110F5E4DC2072D256
                                                              SHA-512:DA4B8816D1EBFFBAF88C871E333DEEACE0BF138EE62360362FB337369E4E30EEA45759ED3F850F410460642DFA2061F6F13B04D145D8AC91F44E4D851A493491
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.3818353308528755
                                                              Encrypted:false
                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                              MD5:48324111147DECC23AC222A361873FC5
                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                              Malicious:false
                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35
                                                              Entropy (8bit):4.014438730983427
                                                              Encrypted:false
                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                              Malicious:false
                                                              Preview:{"forceServiceDetermination":false}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):29
                                                              Entropy (8bit):3.922828737239167
                                                              Encrypted:false
                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                              Malicious:false
                                                              Preview:customSynchronousLookupUris_0
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):35302
                                                              Entropy (8bit):7.99333285466604
                                                              Encrypted:true
                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):18
                                                              Entropy (8bit):3.5724312513221195
                                                              Encrypted:false
                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                              Malicious:false
                                                              Preview:edgeSettings_2.0-0
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3581
                                                              Entropy (8bit):4.459693941095613
                                                              Encrypted:false
                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                              Malicious:false
                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.493433469104717
                                                              Encrypted:false
                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                              Malicious:false
                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):35302
                                                              Entropy (8bit):7.99333285466604
                                                              Encrypted:true
                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):50
                                                              Entropy (8bit):3.9904355005135823
                                                              Encrypted:false
                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                              Malicious:false
                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):575056
                                                              Entropy (8bit):7.999649474060713
                                                              Encrypted:true
                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.389669793590032
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                              MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                              SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                              SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                              SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6820
                                                              Entropy (8bit):5.794520331085626
                                                              Encrypted:false
                                                              SSDEEP:192:akrHDqBeiRUShn6qRAq1k8SPxVLZ7VTiq:akXmVn6q3QxVNZTiq
                                                              MD5:268A732ED131857FC00EA1593352762F
                                                              SHA1:C08E290701815EDDB51AC56A6CA6B3E9A4AF4080
                                                              SHA-256:9C0AF7BD2D44FA7351FDE837FDCA9BCEEB1DB1152F54442FB8B5FE3F70907C9F
                                                              SHA-512:A842CC079072C3FC0AA37226C90495E6EEC51FC3583E8F7A94044E391241336CB14F08475401950F640AA8D533A62DB8B425CA3B1A849225A206E629AFE1985B
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACCuFu2N0lwSpYfoINwzVxKEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACEhSxS+Tti3kh/nkNjblgXsqu4VXY9brQqATum5jnyxQAAAAA
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8090
                                                              Entropy (8bit):5.815442688343646
                                                              Encrypted:false
                                                              SSDEEP:192:asNArHDqKeiRUl1QrkJB6qRAq1k8SPxVLZ7VTiq:asNAXrYKoJB6q3QxVNZTiq
                                                              MD5:1248198E27164084F8DC57D5BD846897
                                                              SHA1:0D2B2C354243771CFDF378E22989BD2D21B9C6AC
                                                              SHA-256:7B0462CCCC7B8E1550567A7B8C3591689A2C467A77A2FB2EE3EA62D8CEC32240
                                                              SHA-512:B8E1488F8AA4017D85E240790B5BEFA9AB5379AB69702769EEE9913534CC38B2CC6AB3A9B10F747766F06A6498A02309AABCD5E45F7E4738F4F55421D95DD5FA
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):22923
                                                              Entropy (8bit):6.0461272473357495
                                                              Encrypted:false
                                                              SSDEEP:384:PtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhGu/HRfcJD+Mh0lkdHd5qk:FMGQ7FCYXGIgtDAWtJ4n1suZfcJnh02j
                                                              MD5:75A7D3DC87889BF8FECE089856740F7F
                                                              SHA1:50414119EB8CC4173360E8C656885720BA38B449
                                                              SHA-256:C7B2B843C7E25FC8106C84DE1A13347A013128801010E9B209F92B1CAAA359C7
                                                              SHA-512:66F04166CD44CF44D779DD18EE73163A14956F13B40A181AC8D3FB0367629363FED76401307D124E1D17A9E0FCB3769B581ACD647465D399638B4C3469CF0C3E
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):23965
                                                              Entropy (8bit):6.049422878294457
                                                              Encrypted:false
                                                              SSDEEP:384:PtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhGu/HRGPXoJZ0+Mh0lkdHd5qN:FMGQ7FCYXGIgtDAWtJ4n1suZGvoJZUhQ
                                                              MD5:65F6CF3406ADB8880FB1E204A5517ED7
                                                              SHA1:D1B6EC20D450E1E5F5C0ED1D0DB65EA2E7DCB580
                                                              SHA-256:0687B0BC3741303DE8A0110727022DBF491AD08216E3039EF59E1CEB4FD66B48
                                                              SHA-512:FCD0924DCF745031F75205B7F7457484E4CE73DCA7D00F0107E14819B158D6B71E62F3C2B3758116F2D76B1AE622AD19DCB9416D7AC386C64FA5B10865EDB5E0
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25102
                                                              Entropy (8bit):6.030008415752973
                                                              Encrypted:false
                                                              SSDEEP:768:FMGQ7FCYXGIgtDAWtJ4cksuZTgOUjWcJnh02tdL:FMGQ5XMBPkv2Rhj
                                                              MD5:9B4677B6467A94FCEB5AEA8DB3B90142
                                                              SHA1:1DB125F98C6602F43612353166FC1C68F33A7C96
                                                              SHA-256:63C600CBE225BC8CA2AED8F4C4E7EE5D5CD458A54BFDC48AA4C231E6B22A7428
                                                              SHA-512:21A546EEA8C70D7110C694E0D0F194F01F84AB36515168B71D310DABA22DBEB05D1A88233F8DDCA9FF0458C41B0F4E9ECF953D965592A2BEBAB00C2A86BE42F5
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369701235083114","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.840044204683602
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgxL4xl9Il8uEmm+FXrdPkcQuV3es2l/LHC/paF0hgLd1rc:mxYjm+FZkg3eVl+BaF0Cs
                                                              MD5:73126075693AEACA20F549EC3925C74A
                                                              SHA1:702484A78AC51AE300D900680EDF558CF8344AB1
                                                              SHA-256:C16148BD2851CBF725AB058CF713DE8A1EC0F055D43ABC5713160353A07B8D13
                                                              SHA-512:C375B9207475A011C24C4B97B6C9B2F42CA9A3C242F32A22914D7A9AA963FCE5B9DDD7C4235F8D02FEC14707E3C5E67A5367C4827B08FED996EDCC21A6F460C0
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.E.c.1.1.M.H.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.r.h.b.t.j.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4622
                                                              Entropy (8bit):4.0021036115485575
                                                              Encrypted:false
                                                              SSDEEP:96:BYjW7yE8COXpldoUeEqZaY2lhZdzKFDali8:BGW7yZXqCqZaYCvdzplz
                                                              MD5:827DB9B4F35C8AA724C6F0D53F39AE5F
                                                              SHA1:7B2DC61A46F76471505E6F73AF4B47C1237C3757
                                                              SHA-256:6350A6E435605FB5EA009FB78751220242D3AF43E77C99FD4589EB496A53C121
                                                              SHA-512:994D2DE91DD0EB8F8440FEB88929F2DC414E6034703DFFA3A8BD83129F64D2604EF4D3C21F848FAA5C02F59C863BBB144BB0655F1B06B364CC43AD2C8B2CC45D
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".a.l.M.j.u.r.n.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.r.h.b.t.j.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                              Category:dropped
                                                              Size (bytes):206855
                                                              Entropy (8bit):7.983996634657522
                                                              Encrypted:false
                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                              Category:dropped
                                                              Size (bytes):76319
                                                              Entropy (8bit):7.996132588300074
                                                              Encrypted:true
                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                              MD5:24439F0E82F6A60E541FB2697F02043F
                                                              SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                              SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                              SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):353
                                                              Entropy (8bit):5.298084287679955
                                                              Encrypted:false
                                                              SSDEEP:6:YEtVExXcrnyE5J56s/utVExZIMmdfVuGLQJjDrwv/utVEx6N3X8sL56s/C:YW6eyy56s/c6ls8GL0Dkv/c6z456s/C
                                                              MD5:B91403934A22DB0D2F2AA653B35E2F32
                                                              SHA1:237A9369696691E959152C99A930E0B79A6DDA64
                                                              SHA-256:B82B0071266782315091DDD5500E6BB71BCEB101C40E0CBCC2B78C4942949702
                                                              SHA-512:CE10AE535811A8724DE9418DB2B5DB7DC65F0DFE7CAF82AD4F1BFA93FE208715B773FB03C145A5E7804081C2EB28EB33E0D1E40FAA0565F5AC0F967E0A301DAB
                                                              Malicious:false
                                                              Preview:{"logTime": "0901/215400", "correlationVector":"3FffV6IBBNLlnYj5XcBSF2","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0901/215400", "correlationVector":"179242739179493E99D2CCFDFF958DBF","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0901/215400", "correlationVector":"V0lo/YuoQpYuV0JrnR6YpI","action":"EXTENSION_UPDATER", "result":""}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695310
                                                              Category:dropped
                                                              Size (bytes):529796
                                                              Entropy (8bit):7.998132648601673
                                                              Encrypted:true
                                                              SSDEEP:12288:nWQyIfv7zfAegwBb0QLTluZBBd/VMf+xVmY6ZODxI8OlIc:UIrvvBb0kT+BBL2+xVmYbD+8Op
                                                              MD5:99A3C4127FD3A2E909985FB0669728FA
                                                              SHA1:EB229E2016C22828BD68917F68F1918498DBB309
                                                              SHA-256:374C7A6608CD7D7D480787A62FFA46AFFA86A3E03F54FB9AB2644EC6A7D9FB4B
                                                              SHA-512:D3027A588CBA749562A38B47BCB15F4EF3244159597AE091698ACDBCBCE866742D92DC10A6ABF58E80302DB3C8159F0F71EFEAC8DBD312E1660060DA26B76F39
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):4982
                                                              Entropy (8bit):7.929761711048726
                                                              Encrypted:false
                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):908
                                                              Entropy (8bit):4.512512697156616
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1285
                                                              Entropy (8bit):4.702209356847184
                                                              Encrypted:false
                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1244
                                                              Entropy (8bit):4.5533961615623735
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.867640976960053
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3107
                                                              Entropy (8bit):3.535189746470889
                                                              Encrypted:false
                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1389
                                                              Entropy (8bit):4.561317517930672
                                                              Encrypted:false
                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1763
                                                              Entropy (8bit):4.25392954144533
                                                              Encrypted:false
                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):930
                                                              Entropy (8bit):4.569672473374877
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):913
                                                              Entropy (8bit):4.947221919047
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):806
                                                              Entropy (8bit):4.815663786215102
                                                              Encrypted:false
                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):883
                                                              Entropy (8bit):4.5096240460083905
                                                              Encrypted:false
                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1031
                                                              Entropy (8bit):4.621865814402898
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1613
                                                              Entropy (8bit):4.618182455684241
                                                              Encrypted:false
                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):848
                                                              Entropy (8bit):4.494568170878587
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1425
                                                              Entropy (8bit):4.461560329690825
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                              Malicious:false
                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):961
                                                              Entropy (8bit):4.537633413451255
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):959
                                                              Entropy (8bit):4.570019855018913
                                                              Encrypted:false
                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):968
                                                              Entropy (8bit):4.633956349931516
                                                              Encrypted:false
                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):838
                                                              Entropy (8bit):4.4975520913636595
                                                              Encrypted:false
                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1305
                                                              Entropy (8bit):4.673517697192589
                                                              Encrypted:false
                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):911
                                                              Entropy (8bit):4.6294343834070935
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):939
                                                              Entropy (8bit):4.451724169062555
                                                              Encrypted:false
                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.622066056638277
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):972
                                                              Entropy (8bit):4.621319511196614
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):990
                                                              Entropy (8bit):4.497202347098541
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1658
                                                              Entropy (8bit):4.294833932445159
                                                              Encrypted:false
                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1672
                                                              Entropy (8bit):4.314484457325167
                                                              Encrypted:false
                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):935
                                                              Entropy (8bit):4.6369398601609735
                                                              Encrypted:false
                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1065
                                                              Entropy (8bit):4.816501737523951
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2771
                                                              Entropy (8bit):3.7629875118570055
                                                              Encrypted:false
                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):858
                                                              Entropy (8bit):4.474411340525479
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):954
                                                              Entropy (8bit):4.631887382471946
                                                              Encrypted:false
                                                              SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                              MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                              SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                              SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                              SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):899
                                                              Entropy (8bit):4.474743599345443
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2230
                                                              Entropy (8bit):3.8239097369647634
                                                              Encrypted:false
                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1160
                                                              Entropy (8bit):5.292894989863142
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3264
                                                              Entropy (8bit):3.586016059431306
                                                              Encrypted:false
                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3235
                                                              Entropy (8bit):3.6081439490236464
                                                              Encrypted:false
                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3122
                                                              Entropy (8bit):3.891443295908904
                                                              Encrypted:false
                                                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1880
                                                              Entropy (8bit):4.295185867329351
                                                              Encrypted:false
                                                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                              MD5:8E16966E815C3C274EEB8492B1EA6648
                                                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1042
                                                              Entropy (8bit):5.3945675025513955
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                              MD5:F3E59EEEB007144EA26306C20E04C292
                                                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2535
                                                              Entropy (8bit):3.8479764584971368
                                                              Encrypted:false
                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1028
                                                              Entropy (8bit):4.797571191712988
                                                              Encrypted:false
                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                              MD5:970544AB4622701FFDF66DC556847652
                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):994
                                                              Entropy (8bit):4.700308832360794
                                                              Encrypted:false
                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2091
                                                              Entropy (8bit):4.358252286391144
                                                              Encrypted:false
                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2778
                                                              Entropy (8bit):3.595196082412897
                                                              Encrypted:false
                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1719
                                                              Entropy (8bit):4.287702203591075
                                                              Encrypted:false
                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):936
                                                              Entropy (8bit):4.457879437756106
                                                              Encrypted:false
                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3830
                                                              Entropy (8bit):3.5483353063347587
                                                              Encrypted:false
                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                              MD5:342335A22F1886B8BC92008597326B24
                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1898
                                                              Entropy (8bit):4.187050294267571
                                                              Encrypted:false
                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.513485418448461
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):878
                                                              Entropy (8bit):4.4541485835627475
                                                              Encrypted:false
                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2766
                                                              Entropy (8bit):3.839730779948262
                                                              Encrypted:false
                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):978
                                                              Entropy (8bit):4.879137540019932
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):907
                                                              Entropy (8bit):4.599411354657937
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.604761241355716
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):937
                                                              Entropy (8bit):4.686555713975264
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1337
                                                              Entropy (8bit):4.69531415794894
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2846
                                                              Entropy (8bit):3.7416822879702547
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):934
                                                              Entropy (8bit):4.882122893545996
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):963
                                                              Entropy (8bit):4.6041913416245
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1320
                                                              Entropy (8bit):4.569671329405572
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):884
                                                              Entropy (8bit):4.627108704340797
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):980
                                                              Entropy (8bit):4.50673686618174
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1941
                                                              Entropy (8bit):4.132139619026436
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1969
                                                              Entropy (8bit):4.327258153043599
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1674
                                                              Entropy (8bit):4.343724179386811
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1063
                                                              Entropy (8bit):4.853399816115876
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1333
                                                              Entropy (8bit):4.686760246306605
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1263
                                                              Entropy (8bit):4.861856182762435
                                                              Encrypted:false
                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1074
                                                              Entropy (8bit):5.062722522759407
                                                              Encrypted:false
                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):879
                                                              Entropy (8bit):5.7905809868505544
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1205
                                                              Entropy (8bit):4.50367724745418
                                                              Encrypted:false
                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):843
                                                              Entropy (8bit):5.76581227215314
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):912
                                                              Entropy (8bit):4.65963951143349
                                                              Encrypted:false
                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):11280
                                                              Entropy (8bit):5.754230909218899
                                                              Encrypted:false
                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):854
                                                              Entropy (8bit):4.284628987131403
                                                              Encrypted:false
                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                              Malicious:false
                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2525
                                                              Entropy (8bit):5.417689528134667
                                                              Encrypted:false
                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                              Malicious:false
                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):97
                                                              Entropy (8bit):4.862433271815736
                                                              Encrypted:false
                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                              Malicious:false
                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):95567
                                                              Entropy (8bit):5.4016395763198135
                                                              Encrypted:false
                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):4.65176400421739
                                                              Encrypted:false
                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                              Malicious:false
                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):103988
                                                              Entropy (8bit):5.389407461078688
                                                              Encrypted:false
                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1753
                                                              Entropy (8bit):5.8889033066924155
                                                              Encrypted:false
                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):9815
                                                              Entropy (8bit):6.1716321262973315
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):10388
                                                              Entropy (8bit):6.174387413738973
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):962
                                                              Entropy (8bit):5.698567446030411
                                                              Encrypted:false
                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                              Malicious:false
                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:dropped
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3621
                                                              Entropy (8bit):4.930394970522085
                                                              Encrypted:false
                                                              SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNy9K:8S+OfJQPUFpOdwNIOdYVjvYcXaNLth8P
                                                              MD5:A4656D7F5DDA80FE71E083766BAED4B7
                                                              SHA1:D2B07CEC264C14E0F62A47D12865ACFB3C3BE1BC
                                                              SHA-256:A87B76F7A2F78A4D3BC9A812AAF8F274D3BAAFCF946E9923B5CD994ED5112209
                                                              SHA-512:99404CDCDB74244821B727DB3A902A86F17C54B7A911953A0A8BFD665E452C8C2468D0EDFCE5E8A44FFC8114CCFCE18942792E410C5906809224247C53D89CFC
                                                              Malicious:false
                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3621
                                                              Entropy (8bit):4.930394970522085
                                                              Encrypted:false
                                                              SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNy9K:8S+OfJQPUFpOdwNIOdYVjvYcXaNLth8P
                                                              MD5:A4656D7F5DDA80FE71E083766BAED4B7
                                                              SHA1:D2B07CEC264C14E0F62A47D12865ACFB3C3BE1BC
                                                              SHA-256:A87B76F7A2F78A4D3BC9A812AAF8F274D3BAAFCF946E9923B5CD994ED5112209
                                                              SHA-512:99404CDCDB74244821B727DB3A902A86F17C54B7A911953A0A8BFD665E452C8C2468D0EDFCE5E8A44FFC8114CCFCE18942792E410C5906809224247C53D89CFC
                                                              Malicious:false
                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                              Category:dropped
                                                              Size (bytes):5312
                                                              Entropy (8bit):6.615424734763731
                                                              Encrypted:false
                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                              MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                              SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                              SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                              SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                              Malicious:false
                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                              Category:dropped
                                                              Size (bytes):5312
                                                              Entropy (8bit):6.615424734763731
                                                              Encrypted:false
                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                              MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                              SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                              SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                              SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                              Malicious:false
                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):262144
                                                              Entropy (8bit):0.04905391753567332
                                                              Encrypted:false
                                                              SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                              MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                              SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                              SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                              SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185924656884556
                                                              Encrypted:false
                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185924656884556
                                                              Encrypted:false
                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zip, Detection: malicious
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):116
                                                              Entropy (8bit):4.968220104601006
                                                              Encrypted:false
                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                              Malicious:false
                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.035577876577226504
                                                              Encrypted:false
                                                              SSDEEP:3:GtlstFnVIhGOcXg3yWl3lstFnVIhGOcXg3yvT89//alEl:GtWtIGOcXg3NWtIGOcXg3Y89XuM
                                                              MD5:638DFAD15E59AC1303AAFC228C22FD5A
                                                              SHA1:E897B8380E549C8AA21F4BD18AC5CB13586A34AD
                                                              SHA-256:0C2780ABC2CC5B0F2DA1853B8EBBA7869B9940FE5957281FB686231D48A94F3D
                                                              SHA-512:B8C6D5644A2132AA91E0D2CDC03B8D3D2C7A3F4714CA87B0A4CA0A24F2D9523CB5B3E943D81AC07962539F2A846252F52E2AEBE116440E41A8869895B085CB19
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):32824
                                                              Entropy (8bit):0.03987425719201705
                                                              Encrypted:false
                                                              SSDEEP:3:Ol1FcAzVJ/lolNYkI3o/ll8rEXsxdwhml8XW3R2:Kfcwj6I3Il8dMhm93w
                                                              MD5:54042DEACB07045E1B8F3CD9DB724729
                                                              SHA1:0BBABBE84B60081B0C23BC4A987040626F20F438
                                                              SHA-256:46C6101BDEEB608B1045CAE4FB83F154C440AFED7A2E80740A19C07F61A914A4
                                                              SHA-512:AB44FA2D8F992958AA6356113EF84E45F187123672C7A9EEB36BDE25E1A831EA2E20F82EB1DEA18775B1BC9B08BB4F1CD4A9E82DC2AE60EB58B29A12C631B271
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):13245
                                                              Entropy (8bit):5.494934052637176
                                                              Encrypted:false
                                                              SSDEEP:192:uhbpGInaRtLYbBp6lhj4qyaaXp6KDnLN9s5RfGNBw8dqSl:5efq/kxWcwp0
                                                              MD5:5574214CB85F2B03B3EAF387EC4FC5A8
                                                              SHA1:23B1C070969BAC23A09EB5FD982B5179C4F64DE7
                                                              SHA-256:8B8638D48C5E69E719A9362AE815C4794D0A32346521656877FFBF7769998761
                                                              SHA-512:EF9C5AD2AEA5E12E1701D26538121BCC5B82C1B324B68B8F1A82E4302B0C0FDEDB7AC7B36EE6B9AD3471899D31D98451ABE1670D21985AA1010D57681986F9A6
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725233766);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725233766);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):65536
                                                              Entropy (8bit):0.04062825861060003
                                                              Encrypted:false
                                                              SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                              MD5:18F65713B07CB441E6A98655B726D098
                                                              SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                              SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                              SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):90
                                                              Entropy (8bit):4.194538242412464
                                                              Encrypted:false
                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                              Malicious:false
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 5952 bytes
                                                              Category:dropped
                                                              Size (bytes):1595
                                                              Entropy (8bit):6.325015233641294
                                                              Encrypted:false
                                                              SSDEEP:24:vIKSUGu5kLZ8HvLXHeU7NJAu3maT5sFPwHVQj60ejhWyOcUVHp/vRmN4r0a864:wKpR5SavzeU7NLdhH0eGVO5F64
                                                              MD5:1EB2E5AD37A41AA96AC38067E69BABCB
                                                              SHA1:A4DF3DB6E8FBADDFA324B1D835DEC91AA022B65D
                                                              SHA-256:A6A5FF9AA49554743FB0D91A86B0343CE7F359C54FEB30EE4F5FDE14D94D6047
                                                              SHA-512:3BED6BDA86E20547A5B127767B763403CC44F006DF1600DDEBBB5EAF11493B6127603868D6A1FC5A5F4CBE1F761960696AF77984CD47D5CC7F49C258B978D8BD
                                                              Malicious:false
                                                              Preview:mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{2da18f66-bfd1-4be5-8783-1d6a859e0272}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725233824415,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:....1":{..jUpdate...7,"startTim..`735140...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..eexp
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 5952 bytes
                                                              Category:modified
                                                              Size (bytes):1595
                                                              Entropy (8bit):6.325015233641294
                                                              Encrypted:false
                                                              SSDEEP:24:vIKSUGu5kLZ8HvLXHeU7NJAu3maT5sFPwHVQj60ejhWyOcUVHp/vRmN4r0a864:wKpR5SavzeU7NLdhH0eGVO5F64
                                                              MD5:1EB2E5AD37A41AA96AC38067E69BABCB
                                                              SHA1:A4DF3DB6E8FBADDFA324B1D835DEC91AA022B65D
                                                              SHA-256:A6A5FF9AA49554743FB0D91A86B0343CE7F359C54FEB30EE4F5FDE14D94D6047
                                                              SHA-512:3BED6BDA86E20547A5B127767B763403CC44F006DF1600DDEBBB5EAF11493B6127603868D6A1FC5A5F4CBE1F761960696AF77984CD47D5CC7F49C258B978D8BD
                                                              Malicious:false
                                                              Preview:mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{2da18f66-bfd1-4be5-8783-1d6a859e0272}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725233824415,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:....1":{..jUpdate...7,"startTim..`735140...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..eexp
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):2.0836444556178684
                                                              Encrypted:false
                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):4537
                                                              Entropy (8bit):5.034090854079055
                                                              Encrypted:false
                                                              SSDEEP:48:YrSAYYk6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyk:yclyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                              MD5:DB18EEF36AB8C40F6A5A9481F24FAC47
                                                              SHA1:1FB5E27BA6E9086BEB773DD06B599AA29D62226A
                                                              SHA-256:E1B81184F68C7BB23A15E67BB782F75125CC5503F20327E57BABCF1DC2F121F0
                                                              SHA-512:1BACD5A75686FA557D7DD6AC223E3FFA353D74AD5FC00B98E9374B2CB42678B1EDB555753A1B8E29E29CC2873564402CB72DF2E43235C5A4AE0FA3F9CE7C8A3C
                                                              Malicious:false
                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-09-01T23:36:34.928Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.579636028322307
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:917'504 bytes
                                                              MD5:449530cf1e296159dab207cacf028a1e
                                                              SHA1:1856b7d8b8669b278a5fccbb0f46d94e6686016d
                                                              SHA256:bc8f755dba4ff865f12881eaa431e3048acc715cc8cd4b2687bf137eb9cca372
                                                              SHA512:729f18ffd39d867ffe5d127c9e4bd5b139d1171a3d3a7e5b1691e48b6e710e4420b20868fba36379e2c19218c5e11ccc11cc20e8eb596a4251544124455b11ce
                                                              SSDEEP:12288:kqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarT3:kqDEvCTbMWu7rQYlBQcBiT6rprG8av3
                                                              TLSH:DD159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                              Icon Hash:aaf3e3e3938382a0
                                                              Entrypoint:0x420577
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66D4DFAF [Sun Sep 1 21:42:07 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                              Instruction
                                                              call 00007F6AB91E07D3h
                                                              jmp 00007F6AB91E00DFh
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F6AB91E02BDh
                                                              mov dword ptr [esi], 0049FDF0h
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                              mov dword ptr [ecx], 0049FDF0h
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F6AB91E028Ah
                                                              mov dword ptr [esi], 0049FE0Ch
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                              mov dword ptr [ecx], 0049FE0Ch
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              and dword ptr [eax], 00000000h
                                                              and dword ptr [eax+04h], 00000000h
                                                              push eax
                                                              mov eax, dword ptr [ebp+08h]
                                                              add eax, 04h
                                                              push eax
                                                              call 00007F6AB91E2E7Dh
                                                              pop ecx
                                                              pop ecx
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              lea eax, dword ptr [ecx+04h]
                                                              mov dword ptr [ecx], 0049FDD0h
                                                              push eax
                                                              call 00007F6AB91E2EC8h
                                                              pop ecx
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              push eax
                                                              call 00007F6AB91E2EB1h
                                                              test byte ptr [ebp+08h], 00000001h
                                                              pop ecx
                                                              Programming Language:
                                                              • [ C ] VS2008 SP1 build 30729
                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | c751a82e5a8d79b621a6f9cf3bd43e75 | False | 0.2811197916666667 | data | 5.162523820517443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                              DLLImport
                                                              WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                              VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                              WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                              COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                              MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                              WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                              PSAPI.DLLGetProcessMemoryInfo
                                                              IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                              USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                              UxTheme.dllIsThemeActive
                                                              KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, 
VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system: English
Country where language is spoken: Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 1, 2024 23:54:02.114955902 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.116005898 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.193537951 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.193551064 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.193586111 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.194511890 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.194519043 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.194545984 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.195477962 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.195485115 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.195513010 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.195523977 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.196361065 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.196983099 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.196989059 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.197139025 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.197156906 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.197591066 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.197591066 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.197591066 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.197802067 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.197807074 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.197817087 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.211663961 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.216413021 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.218060970 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.218070030 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.219060898 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.226258039 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.226264000 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.227124929 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.228506088 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.228705883 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.229739904 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.229823112 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.229959965 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.230072021 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.230072021 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.231102943 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.231153965 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.231250048 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.276489973 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.276496887 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.280622005 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.280635118 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.280697107 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.280704021 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.281238079 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.281296968 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.281303883 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.281337023 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.281347990 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282072067 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282079935 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282113075 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282123089 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282356977 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.282360077 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.282711029 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.282783985 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.284418106 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.284430027 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.284452915 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.284555912 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.284568071 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.284718990 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.284934044 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.284949064 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.285262108 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.285262108 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.285268068 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.285621881 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.285638094 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.285923958 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.285929918 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.286649942 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.297573090 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.297584057 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.297610044 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.297615051 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.327389002 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.327790022 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.328113079 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.328121901 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.353456974 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.354526043 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.354695082 CEST49757443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.354701996 CEST44349757172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.360871077 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.360886097 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.360959053 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.360964060 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.361042023 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.366543055 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.366558075 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.367417097 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.367453098 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.368201017 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.368213892 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.368484020 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.368490934 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.369174957 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.376296997 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.376303911 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.376384020 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.376390934 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.380458117 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.380999088 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.381073952 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.381402969 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.381443024 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.387490988 CEST49755443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.387495041 CEST4434975513.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.389216900 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.395999908 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.396013021 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.397046089 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.405751944 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.524885893 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.525049925 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.525754929 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.568499088 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.605786085 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.612948895 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.612967968 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.613270998 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.630399942 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.637020111 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.637731075 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.637810946 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.637949944 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.637962103 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.642364979 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.684499979 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.741134882 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.741154909 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.741194010 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.741210938 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.742244959 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.742285013 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.742309093 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.742345095 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.826347113 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.826364994 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.827867985 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.827981949 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.827994108 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.828506947 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.828526974 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.829586983 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.829593897 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.830128908 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.830198050 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.910427094 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.910450935 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.910665989 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.910734892 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.919800043 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.932719946 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.932821989 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.942498922 CEST49760443192.168.2.413.107.246.57
                                                              Sep 1, 2024 23:54:02.942526102 CEST4434976013.107.246.57192.168.2.4
                                                              Sep 1, 2024 23:54:02.944741964 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.944786072 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.945374966 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.945383072 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.945528030 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.945554018 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.945713043 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.945719957 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.945918083 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.945925951 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.946089029 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946094036 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.946247101 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946266890 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946280003 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946594000 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946605921 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.946692944 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946707964 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.946818113 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.946830034 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.948270082 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948271036 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948287010 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948554039 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948565006 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.948681116 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948693037 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:02.948772907 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:02.948785067 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.382388115 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.383933067 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.393208981 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.398955107 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.401043892 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.410020113 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418421984 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418457031 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418521881 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418530941 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418617010 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418639898 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418709993 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418718100 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418781996 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418788910 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418870926 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418874979 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:03.418884993 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.418930054 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.419365883 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.419675112 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.419837952 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:03.419910908 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:05.541537046 CEST49782443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:05.583662033 CEST49782443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:05.583667994 CEST44349782142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:05.614233971 CEST49783443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:05.780261040 CEST49782443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.586961985 CEST44349783142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.587035894 CEST44349783142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.587104082 CEST49783443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.587414980 CEST44349782142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.587474108 CEST44349782142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.587713003 CEST49783443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.587727070 CEST44349783142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.587775946 CEST49783443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.587775946 CEST49783443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.587974072 CEST49782443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.589011908 CEST804978634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:06.589154005 CEST804978634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:06.589246035 CEST4978680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:06.589399099 CEST804978634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:06.589508057 CEST4978680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:06.589617014 CEST49782443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.589632034 CEST44349782142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.591280937 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.591556072 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.593498945 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.593508005 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.593705893 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.594583035 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.595397949 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.595715046 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.595720053 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.596575975 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.596904039 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.597810984 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.597863913 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.597974062 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.603380919 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:06.608326912 CEST804978734.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:06.608398914 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:06.608544111 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:06.613296986 CEST804978734.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:06.640501976 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.644509077 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.680598021 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:06.680640936 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:06.680726051 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:06.680883884 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:06.680898905 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:06.691802025 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.691838980 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.691867113 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.691878080 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.691916943 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.691943884 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.692188025 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.692193031 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.692339897 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.693042040 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.693048954 CEST44349785142.251.35.164192.168.2.4
                                                              Sep 1, 2024 23:54:06.696209908 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.696229935 CEST49785443192.168.2.4142.251.35.164
                                                              Sep 1, 2024 23:54:06.855184078 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.855232954 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.855292082 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.855968952 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.855978012 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.855984926 CEST49784443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 23:54:06.855989933 CEST44349784184.28.90.27192.168.2.4
                                                              Sep 1, 2024 23:54:06.912134886 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.912156105 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.912339926 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.912350893 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.912822008 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.912847996 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.913043976 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.913053989 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:06.913125992 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:06.913134098 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.042028904 CEST804978734.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:07.124763012 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:07.289484978 CEST804978734.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:07.290075064 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:07.294629097 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.295217037 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.295236111 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.296345949 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.296422005 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.297369003 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.297425985 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.297557116 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.343611002 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.343632936 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.351139069 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.351382017 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.351391077 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.351702929 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.352302074 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.353477001 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.353482962 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.353781939 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.353835106 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.380964041 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.381145954 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.381154060 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.381531000 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.381628036 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.382236958 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.382293940 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.382410049 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.382471085 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.390469074 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.436359882 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.436496019 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.436963081 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.437216997 CEST49788443192.168.2.4142.251.40.106
                                                              Sep 1, 2024 23:54:07.437227011 CEST44349788142.251.40.106192.168.2.4
                                                              Sep 1, 2024 23:54:07.481103897 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.481110096 CEST44349790142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.481161118 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.481167078 CEST44349789142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:07.625190020 CEST49790443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:07.625190020 CEST49789443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:10.700565100 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:10.700606108 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:10.700812101 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:10.701859951 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:10.701877117 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:11.532453060 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:11.532578945 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:11.536204100 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:11.536236048 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:11.536614895 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:11.579556942 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:12.273401022 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:12.320506096 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.490961075 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.490983963 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.490989923 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.490999937 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.491043091 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.491256952 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:12.491283894 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.491337061 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:12.492403984 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.492470980 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:12.498764038 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:13.122181892 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:13.122206926 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:13.122220993 CEST49791443192.168.2.452.165.165.26
                                                              Sep 1, 2024 23:54:13.122226000 CEST4434979152.165.165.26192.168.2.4
                                                              Sep 1, 2024 23:54:16.592808008 CEST4978680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:16.642930031 CEST804978634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:17.048439026 CEST4978780192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:17.053277969 CEST804978734.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:18.294524908 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.294605970 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.294697046 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.297084093 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.297141075 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.297961950 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.298012972 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.300775051 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.300795078 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.310121059 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.310179949 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.310237885 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.313601017 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.313649893 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.313764095 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.317219973 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.317290068 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.317408085 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489110947 CEST49766443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489136934 CEST44349766172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.489150047 CEST49761443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489181042 CEST44349761172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.489195108 CEST49764443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489200115 CEST44349764172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.489221096 CEST49765443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489228964 CEST44349765172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.489244938 CEST49762443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489248037 CEST44349762172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.489284039 CEST49763443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:18.489288092 CEST44349763172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:18.584005117 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:18.584033012 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:18.584148884 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:18.584316015 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:18.584326029 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.117252111 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.117541075 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.117552996 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.118483067 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.118546009 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.119680882 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.119733095 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.119857073 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.160509109 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.168179035 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.168185949 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.216150999 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.216175079 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.216201067 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.216211081 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.216231108 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.216245890 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.216267109 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.216744900 CEST49797443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 23:54:19.216754913 CEST44349797152.195.19.97192.168.2.4
                                                              Sep 1, 2024 23:54:19.446567059 CEST49798443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.446584940 CEST44349798172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.446724892 CEST49799443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.446757078 CEST44349799172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.447590113 CEST49798443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.447690010 CEST49799443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:54.692279100 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:54.692949057 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:54.694228888 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:54.694242954 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:54.832931042 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:54.837789059 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:54.924232006 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:54.971482992 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.148118973 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:55.156501055 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:55.164511919 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:55.178761005 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:55.178776026 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:55.178838968 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:55.178921938 CEST4434982134.117.188.166192.168.2.4
                                                              Sep 1, 2024 23:54:55.179164886 CEST49821443192.168.2.434.117.188.166
                                                              Sep 1, 2024 23:54:55.755341053 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.758888960 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.760165930 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:55.763703108 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:55.847568035 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:55.849317074 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:55.868892908 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:55.868913889 CEST4434982234.107.243.93192.168.2.4
                                                              Sep 1, 2024 23:54:55.869446039 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:55.870870113 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:55.870881081 CEST4434982234.107.243.93192.168.2.4
                                                              Sep 1, 2024 23:54:55.893297911 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.893376112 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.904854059 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:55.909672976 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:55.997520924 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:56.056112051 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:56.309779882 CEST4434982234.107.243.93192.168.2.4
                                                              Sep 1, 2024 23:54:56.309937000 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:56.313002110 CEST49798443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:56.313026905 CEST44349798172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:56.313040972 CEST49799443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:56.313065052 CEST44349799172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:56.316977024 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:56.316981077 CEST4434982234.107.243.93192.168.2.4
                                                              Sep 1, 2024 23:54:56.317065954 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:56.317123890 CEST4434982234.107.243.93192.168.2.4
                                                              Sep 1, 2024 23:54:56.317205906 CEST49822443192.168.2.434.107.243.93
                                                              Sep 1, 2024 23:54:56.565759897 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:56.571633101 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:56.658603907 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:56.711251020 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.008357048 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.008380890 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.008548021 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.008673906 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.008687019 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.342628002 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.363498926 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.363512993 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.366138935 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.369612932 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.369622946 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.386364937 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.395801067 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.395843983 CEST4434982634.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:57.396991014 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.398365021 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.398380041 CEST4434982634.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:57.441823006 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.441930056 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.444514036 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.444519043 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.444710016 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.448889971 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.448976994 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.449012995 CEST4434982435.244.181.201192.168.2.4
                                                              Sep 1, 2024 23:54:57.450680017 CEST49824443192.168.2.435.244.181.201
                                                              Sep 1, 2024 23:54:57.462335110 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.467117071 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.473314047 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.524576902 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.552746058 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.555363894 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.560208082 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.601428032 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.647634983 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:57.704652071 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.968472958 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.968579054 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.972803116 CEST4434982634.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:57.979293108 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.993204117 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.993217945 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.993326902 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.993494987 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:57.993500948 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:57.993818998 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.993844986 CEST4434982634.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:57.993872881 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:57.993957043 CEST4434982634.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:57.996601105 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:57.997272015 CEST49826443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.001698017 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.004079103 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004098892 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.004174948 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004192114 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.004230976 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004298925 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004317999 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.004375935 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004477978 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.004493952 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.007215023 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.007224083 CEST4434982934.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.007507086 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.017396927 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.017405987 CEST4434982934.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.087785959 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.090771914 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.095638037 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.141372919 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.183176041 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.200503111 CEST4434982534.149.100.209192.168.2.4
                                                              Sep 1, 2024 23:54:58.200560093 CEST49825443192.168.2.434.149.100.209
                                                              Sep 1, 2024 23:54:58.225967884 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.447175026 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.447469950 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.450819016 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.450830936 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.451031923 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.453881979 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.453977108 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.455538988 CEST4434982834.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.456728935 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.457009077 CEST49828443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.461509943 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.462554932 CEST4434982934.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.464571953 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.465665102 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.465945005 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.468641043 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.468646049 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.468833923 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.472475052 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.472486973 CEST4434982934.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.472537994 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.472613096 CEST4434982934.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.472830057 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.472830057 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.472923994 CEST4434982734.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.474114895 CEST49829443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.474138021 CEST49827443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.476828098 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.476847887 CEST4434983034.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.477050066 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.478352070 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.478360891 CEST4434983034.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.547525883 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.550137997 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.554884911 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.588371038 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.642494917 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:58.688575029 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.921756983 CEST4434983034.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.921850920 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.925395012 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.925401926 CEST4434983034.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.925488949 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.925519943 CEST4434983034.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:54:58.926702023 CEST49830443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:54:58.928352118 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:58.933518887 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:59.019463062 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:59.023032904 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:59.027812004 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:59.062931061 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:54:59.115309954 CEST804980634.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:54:59.159626961 CEST4980680192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:55:00.069083929 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.069116116 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.069233894 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.069242954 CEST4434983234.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.070895910 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.070895910 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.071024895 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.071039915 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.071103096 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.071114063 CEST4434983234.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.079094887 CEST49833443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.079113960 CEST4434983334.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.093853951 CEST49833443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.108059883 CEST49833443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.108072042 CEST4434983334.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.202492952 CEST49834443192.168.2.423.55.235.170
                                                              Sep 1, 2024 23:55:00.202549934 CEST4434983423.55.235.170192.168.2.4
                                                              Sep 1, 2024 23:55:00.202642918 CEST49834443192.168.2.423.55.235.170
                                                              Sep 1, 2024 23:55:00.202883005 CEST49834443192.168.2.423.55.235.170
                                                              Sep 1, 2024 23:55:00.202899933 CEST4434983423.55.235.170192.168.2.4
                                                              Sep 1, 2024 23:55:00.505991936 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.506062031 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.509000063 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.509007931 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.509243965 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.511897087 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.512007952 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.512008905 CEST49831443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.512022018 CEST4434983134.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.516382933 CEST4980880192.168.2.434.107.221.82
                                                              Sep 1, 2024 23:55:00.521155119 CEST804980834.107.221.82192.168.2.4
                                                              Sep 1, 2024 23:55:00.523339987 CEST4434983234.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.523396015 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.525719881 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.525724888 CEST4434983234.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.525921106 CEST4434983234.120.208.123192.168.2.4
                                                              Sep 1, 2024 23:55:00.528085947 CEST49832443192.168.2.434.120.208.123
                                                              Sep 1, 2024 23:55:00.528153896 CEST49832443192.168.2.434.120.208.123
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                              Sep 1, 2024 23:54:19.535523891 CEST44363159172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.535653114 CEST44363159172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.536252022 CEST63159443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.754954100 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.875292063 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.875310898 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.875439882 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.875452995 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.875463009 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:19.915062904 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.916488886 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.916743994 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.916837931 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.917148113 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:19.917222977 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:20.014462948 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.014477968 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.014486074 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.014493942 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.014930010 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:20.014997005 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:20.015069962 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.019552946 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.034003019 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:20.107783079 CEST44365050172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:20.188956022 CEST65050443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:30.155289888 CEST5597653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.162278891 CEST53559761.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.179683924 CEST5289453192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.179858923 CEST5649353192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.186600924 CEST53564931.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.187118053 CEST5611753192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.190726995 CEST53528941.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.191886902 CEST4972253192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.193634987 CEST53561171.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.199742079 CEST53497221.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.574229956 CEST5956253192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.581034899 CEST53595621.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.582110882 CEST5391853192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.589725018 CEST53539181.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.590272903 CEST6014353192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.597055912 CEST53601431.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:30.617285013 CEST6369153192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:30.848978996 CEST5629553192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:35.101332903 CEST59587443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:35.208218098 CEST44359587142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:35.208372116 CEST44359587142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:35.208570004 CEST59587443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:35.236439943 CEST59587443192.168.2.4142.250.72.110
                                                              Sep 1, 2024 23:54:35.325843096 CEST44359587142.250.72.110192.168.2.4
                                                              Sep 1, 2024 23:54:53.508625031 CEST6347753192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.525528908 CEST53634771.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.745893955 CEST6020653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.753074884 CEST53602061.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.757651091 CEST4956753192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.763653994 CEST6191653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.764524937 CEST53495671.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.770715952 CEST53619161.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.775964975 CEST5181553192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.782315016 CEST5189353192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.782664061 CEST53518151.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.789086103 CEST53518931.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.790263891 CEST5544053192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:53.799082041 CEST53554401.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:53.898557901 CEST6153353192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:54.005143881 CEST6008153192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:54.111134052 CEST53600811.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:54.120300055 CEST5345553192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:54.128434896 CEST53534551.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:54.136502028 CEST5052653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:54.143486977 CEST53583891.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:54.144074917 CEST53505261.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:55.103224039 CEST5627553192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:55.109906912 CEST53562751.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:55.176007986 CEST6324953192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:55.182648897 CEST53632491.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:55.188683033 CEST5487153192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:55.196232080 CEST53548711.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:57.396297932 CEST5540653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:57.403304100 CEST53554061.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:57.419928074 CEST6124753192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:57.426531076 CEST53612471.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:57.890338898 CEST6280453192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:57.970602989 CEST53628041.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:57.971235991 CEST6050153192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:57.978636980 CEST53605011.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:57.979919910 CEST5723853192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:54:57.987354994 CEST53572381.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:54:59.499578953 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:59.499730110 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:59.499950886 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:59.500020027 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:59.924063921 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:54:59.924554110 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:54:59.962524891 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.015717983 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.015727997 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.015734911 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.015738010 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.016077042 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.016149998 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.106507063 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.106936932 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.200023890 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.200948000 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.201988935 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.202142000 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.433598042 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.433751106 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.525576115 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.526635885 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.527205944 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:00.527621984 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:00.528634071 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:00.833884001 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:00.955221891 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:00.956182003 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:00.956224918 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:00.956235886 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:00.956305981 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:00.956852913 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:00.958856106 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:00.958978891 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:01.049587011 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:01.049617052 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:01.049659967 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:01.049668074 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:01.049932003 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:01.049932003 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:01.140691996 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:02.103769064 CEST6073753192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:55:02.112076998 CEST53607371.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:55:07.422920942 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:07.423039913 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:07.515378952 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:07.516613007 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:07.517900944 CEST44351786172.64.41.3192.168.2.4
                                                              Sep 1, 2024 23:55:07.518162966 CEST51786443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 23:55:07.518651009 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:07.518754005 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:07.952783108 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:07.953289032 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:07.953298092 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:07.953309059 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:07.953355074 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:07.953505993 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:07.954153061 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:07.954374075 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:08.244946003 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.244961977 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.244970083 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.244997025 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.245007992 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.245014906 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.247155905 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:08.247266054 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:08.247339010 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:08.260752916 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:08.264065981 CEST52657443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 23:55:08.377548933 CEST44352657172.253.115.84192.168.2.4
                                                              Sep 1, 2024 23:55:12.905225039 CEST5507853192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:55:12.912272930 CEST53550781.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:55:13.368128061 CEST5012053192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:55:21.049470901 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:21.076782942 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:21.561403036 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:21.596055984 CEST65003443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:55:31.047897100 CEST44365003104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:55:33.386064053 CEST5435653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:55:33.393193007 CEST53543561.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:55:33.393944979 CEST6175653192.168.2.41.1.1.1
                                                              Sep 1, 2024 23:55:33.400613070 CEST53617561.1.1.1192.168.2.4
                                                              Sep 1, 2024 23:56:00.498709917 CEST55189443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:56:00.971976995 CEST44355189104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:56:00.973012924 CEST44355189104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:56:00.973387957 CEST55189443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:56:01.069761992 CEST44355189104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:56:01.069938898 CEST44355189104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:56:01.069947958 CEST44355189104.70.121.171192.168.2.4
                                                              Sep 1, 2024 23:56:01.070163012 CEST55189443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:56:01.099025965 CEST55189443192.168.2.4104.70.121.171
                                                              Sep 1, 2024 23:56:01.176048994 CEST44355189104.70.121.171192.168.2.4
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                                              Sep 1, 2024 23:54:57.971235991 CEST192.168.2.41.1.1.10x7066Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                              Sep 1, 2024 23:54:57.979919910 CEST192.168.2.41.1.1.10xaecStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                              Sep 1, 2024 23:55:02.103769064 CEST192.168.2.41.1.1.10xf7b1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                              Sep 1, 2024 23:55:12.905225039 CEST192.168.2.41.1.1.10xb7a8Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                              Sep 1, 2024 23:55:13.368128061 CEST192.168.2.41.1.1.10x7617Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                              Sep 1, 2024 23:55:33.386064053 CEST192.168.2.41.1.1.10x6575Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                              Sep 1, 2024 23:55:33.393944979 CEST192.168.2.41.1.1.10x6ff0Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.4 | 49786 | 34.107.221.82 | 80 | 4208 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 23:54:05.518726110 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:06.589011908 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 00:21:55 GMT
                                                              Age: 77530
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:06.589154005 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 00:21:55 GMT
                                                              Age: 77530
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:06.589399099 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 00:21:55 GMT
                                                              Age: 77530
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:16.592808008 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:26.647768974 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:30.617073059 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:30.846524954 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 00:21:55 GMT
                                                              Age: 77555
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.4 | 49787 | 34.107.221.82 | 80 | 4208 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 23:54:06.608544111 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:07.042028904 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70728
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:07.289484978 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70728
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:17.048439026 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:27.064513922 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              2  192.168.2.4  49806  34.107.221.82  80  4208  C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Sep 1, 2024 23:54:30.862251997 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:31.302305937 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70753
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:31.739221096 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:31.831954002 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70753
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:31.848378897 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:31.940809011 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70753
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:41.945523024 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:51.964134932 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:53.765537977 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:53.857752085 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70775
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:54.107542992 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70775
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:55.755341053 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:55.847568035 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70777
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:55.904854059 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:55.997520924 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70777
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:57.342628002 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:57.473314047 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70779
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:57.555363894 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:57.647634983 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70779
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:58.090771914 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:58.183176041 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70780
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:58.550137997 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:58.642494917 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70780
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:54:59.023032904 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:54:59.115309954 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70781
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:00.610112906 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:55:00.703963995 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70782
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:02.835190058 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:55:02.928695917 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70784
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:09.304701090 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:55:09.397912025 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70791
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:13.467020988 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:55:13.560049057 CEST  216  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70795
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:23.573016882 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:33.583280087 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:34.845719099 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 23:55:34.938599110 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 70816
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 23:55:44.947047949 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:54.957412958 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.4 | 49808 | 34.107.221.82 | 80 | 4208 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 23:54:31.309514046 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:31.736567974 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72167
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:31.756130934 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:31.846538067 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72167
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:41.860907078 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:51.879582882 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:54:53.318465948 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:53.585319996 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72189
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:54.832931042 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:54.924232006 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72190
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:55.758888960 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:55.849317074 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72191
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:56.565759897 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:56.658603907 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72192
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:57.462335110 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:57.552746058 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72193
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:57.996601105 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:58.087785959 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72194
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:58.456728935 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:58.547525883 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72194
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:54:58.928352118 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:54:59.019463062 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72194
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:00.516382933 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:55:00.607640028 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72196
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:02.717566013 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:55:02.808554888 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72198
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:09.206839085 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:55:09.300668001 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72205
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:13.367674112 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:55:13.458748102 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72209
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:23.475847960 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:33.545481920 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:34.750401974 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 23:55:34.840894938 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 72230
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 23:55:44.846795082 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 23:55:54.857206106 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.4 | 49745 | 142.250.185.161 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:00 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                              Host: clients2.googleusercontent.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:01 UTC | 565 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 135751
                                                              X-GUploader-UploadID: AD-8ljvMYnhlVkrc1EfMJDl1r0TMYFs9OYJ7-Z4zYvQiUj3XnnoMp-t8ZQkY-WhApprCKsHvzWg
                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                              Server: UploadServer
                                                              Date: Sun, 01 Sep 2024 19:26:09 GMT
                                                              Expires: Mon, 01 Sep 2025 19:26:09 GMT
                                                              Cache-Control: public, max-age=31536000
                                                              Age: 8872
                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                              Content-Type: application/x-chrome-extension
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.4 | 49756 | 13.107.246.57 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:01 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: ArbitrationService
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:02 UTC | 559 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:01 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 11989
                                                              Connection: close
                                                              Last-Modified: Fri, 23 Aug 2024 00:10:35 GMT
                                                              ETag: 0x8DCC30802EF150E
                                                              x-ms-request-id: 903262f1-801e-001b-4826-f94695000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215401Z-16579567576p25xcxh3nycmsaw00000006ng00000000c0e6
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes
                                                              2024-09-01 21:54:02 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                                              Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.4 | 49755 | 13.107.246.57 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:01 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: Shoreline
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:02 UTC | 577 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:01 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 306698
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                              ETag: 0x8DBC9B5C40EBFF4
                                                              x-ms-request-id: c3ea0861-301e-0002-54a0-fc6afd000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215401Z-165795675766wv96mecap1swx4000000070000000000gf17
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes
                                                              Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.4 | 49758 | 172.64.41.3 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 21:54:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 21:54:02 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc87f1c3fb74264-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.4 | 49757 | 172.64.41.3 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 21:54:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 21:54:02 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc87f1c6eb80fab-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.4 | 49759 | 172.64.41.3 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 21:54:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 21:54:02 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc87f1e18bc7ca8-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.4 | 49760 | 13.107.246.57 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:02 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                              Sec-Mesh-Client-OS: Windows
                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                              Sec-Mesh-Client-Arch: x86_64
                                                              Sec-Mesh-Client-WebView: 0
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:02 UTC | 583 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:02 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 70207
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                              ETag: 0x8DCB31E67C22927
                                                              x-ms-request-id: 66f87118-601e-001a-2116-f94768000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215402Z-165795675762gt5gbs4b9bazh800000006p000000000pfz5
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.4 | 49768 | 20.96.153.111 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 616 | OUT | GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1
                                                              Host: arc.msn.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 633 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: max-age=86400, private
                                                              Content-Length: 2061
                                                              Content-Type: application/json; charset=utf-8
                                                              Expires: Mon, 01 Jan 0001 00:00:00 GMT
                                                              Server: Microsoft-IIS/10.0
                                                              ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081749"},{"BATCH_REDIRECT_STORE":"B128000000003081749+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
                                                              Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
                                                              X-AspNet-Version: 4.0.30319
                                                              X-Powered-By: ASP.NET
                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                              Date: Sun, 01 Sep 2024 21:54:03 GMT
                                                              Connection: close
                                                              2024-09-01 21:54:04 UTC | 2061 | IN | Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.4 | 49769 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1966
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                              ETag: 0x8DBDCB5EC122A94
                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576gnfmq2acf56mm7000000006y00000000037ny
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.4 | 49771 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1751
                                                              Connection: close
                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                              ETag: 0x8DBCEA8D5AACC85
                                                              x-ms-request-id: dea807c8-f01e-005b-3b60-fa6f7b000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576rt7gkm43y59pk3800000006wg000000007139
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.4 | 49770 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1427
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                              ETag: 0x8DBDCB5EF021F8E
                                                              x-ms-request-id: 27316467-401e-0006-7b60-fa9f7f000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576h9nndaeer0cv35w00000006wg0000000077pq
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.4 | 49773 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2008
                                                              Connection: close
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                              ETag: 0x8DBC9B5C0C17219
                                                              x-ms-request-id: 32a19201-701e-002c-2560-faea3a000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576xfl5xzh7yws029s00000006vg00000000q20h
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.4 | 49772 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 515 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2229
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                              ETag: 0x8DBD59359A9E77B
                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576kv75wmks9m65qec000000073000000000g98c
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.4 | 49774 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:04 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1154
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                              ETag: 0x8DBD5935D5B3965
                                                              x-ms-request-id: d224f29e-c01e-003e-65a0-fcde26000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576vpzq62mgx0my8kw000000075g000000008c68
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.4 | 49780 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:04 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:05 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 21:54:04 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1468
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                              ETag: 0x8DBDCB5E23DFC43
                                                              x-ms-request-id: 7e487c98-101e-0051-6ba0-fc76f2000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T215404Z-16579567576phhfj0h0z9mnmag00000006v0000000009yrs
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.4 | 49781 | 184.28.90.27 | 443
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:05 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-01 21:54:05 UTC | 467 | IN | HTTP/1.1 200 OK
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF70)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-neu-z1
                                                              Cache-Control: public, max-age=154295
                                                              Date: Sun, 01 Sep 2024 21:54:05 GMT
                                                              Connection: close
                                                              X-CID: 2


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.4 | 49783 | 142.250.72.110 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:05 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sun, 01 Sep 2024 21:54:05 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.4 | 49782 | 142.250.72.110 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:05 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sun, 01 Sep 2024 21:54:05 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.4 | 49784 | 184.28.90.27 | 443
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:06 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                              Range: bytes=0-2147483646
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-01 21:54:06 UTC | 515 | IN | HTTP/1.1 200 OK
                                                              ApiVersion: Distribute 1.1
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF06)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=154294
                                                              Date: Sun, 01 Sep 2024 21:54:06 GMT
                                                              Content-Length: 55
                                                              Connection: close
                                                              X-CID: 2
                                                              2024-09-01 21:54:06 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.4 | 49785 | 142.251.35.164 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:06 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                              Host: www.google.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-full-version: "117.0.2045.47"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-platform: "Windows"
                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: image
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:06 UTC | 704 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                              Content-Length: 5430
                                                              X-Content-Type-Options: nosniff
                                                              Server: sffe
                                                              X-XSS-Protection: 0
                                                              Date: Sun, 01 Sep 2024 21:52:05 GMT
                                                              Expires: Mon, 09 Sep 2024 21:52:05 GMT
                                                              Cache-Control: public, max-age=691200
                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                              Content-Type: image/x-icon
                                                              Vary: Accept-Encoding
                                                              Age: 121
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.4 | 49788 | 142.251.40.106 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:07 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                              Host: www.googleapis.com
                                                              Connection: keep-alive
                                                              Content-Length: 119
                                                              Content-Type: application/json
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:07 UTC | 119 | OUT | Data Ascii: {"hash":"b/rIY3FP6054vmsj1nEVwR99oNmy5Mc1hSI5YMYOtFU=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                              2024-09-01 21:54:07 UTC | 341 | IN | HTTP/1.1 200 OK
                                                              Content-Type: application/json; charset=UTF-8
                                                              Vary: Origin
                                                              Vary: X-Origin
                                                              Vary: Referer
                                                              Date: Sun, 01 Sep 2024 21:54:07 GMT
                                                              Server: ESF
                                                              Content-Length: 483
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-09-01 21:54:07 UTC | 483 | IN | Data Ascii: { "protocol_version": 1, "signature": "KogdaSz3c2glTwFCqvLFsGzapqKYd0VwRxnoyQnPEKQJZJWrjavFc31ulYOEOtILQls2D2Ie2DY4nccQ1wpOU75fzStsBcclTMky7PaWwLgUpoC8RqRf1/jwQNAwH4oA63h0H355Z5AEVcpoMc+b9pa5HaVQ2uGo9FDCJdFNhehoyPYrGuwkuqLSBPJggDoREasszGOuNyEs6Fe52yRp


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.4 | 49791 | 52.165.165.26 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:12 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZVekCw97fYuOor9&MD=ghGLhWAl HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-01 21:54:12 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                              MS-CorrelationId: fcd3d69f-9a55-4356-b9ff-e0b64e4a21aa
                                                              MS-RequestId: 242cb55e-6e5f-45fa-bf42-8bd752e5b377
                                                              MS-CV: Kh2QY4iH0UWIGAK4.0
                                                              X-Microsoft-SLSClientCache: 2880
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sun, 01 Sep 2024 21:54:11 GMT
                                                              Connection: close
                                                              Content-Length: 24490


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.4 | 49797 | 152.195.19.97 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:19 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725832440&P2=404&P3=2&P4=X%2bQjRhQeLEIg9qu7zLTu4SfSmvSDjgLjTUkaOwkfZTHKCfmt6uO9Dcwh%2fVWTJQBtsGyU0IeVGNy30bsYWUeuxg%3d%3d HTTP/1.1
                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              Connection: keep-alive
                                                              MS-CV: V0lo/YuoQpYuV0JrnR6YpI
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:54:19 UTC | 632 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Age: 5154190
                                                              Cache-Control: public, max-age=17280000
                                                              Content-Type: application/x-chrome-extension
                                                              Date: Sun, 01 Sep 2024 21:54:19 GMT
                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                              Server: ECAcc (nyd/D11E)
                                                              X-AspNet-Version: 4.0.30319
                                                              X-AspNetMvc-Version: 5.3
                                                              X-Cache: HIT
                                                              X-CCC: US
                                                              X-CID: 11
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By: ARR/3.0
                                                              X-Powered-By: ASP.NET
                                                              Content-Length: 11185
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.4 | 49812 | 52.165.165.26 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:54:50 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZVekCw97fYuOor9&MD=ghGLhWAl HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-01 21:54:50 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                              MS-CorrelationId: befce67d-c0da-48ea-9dcb-96ecf71da100
                                                              MS-RequestId: 31dd09e8-4954-4584-89ac-2306e3aa4d69
                                                              MS-CV: gUxPdcAajkaSvZQ/.0
                                                              X-Microsoft-SLSClientCache: 1440
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sun, 01 Sep 2024 21:54:50 GMT
                                                              Connection: close
                                                              Content-Length: 30005


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.4 | 49834 | 23.55.235.170 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 21:55:00 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Origin: https://business.bing.com
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: content-type
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 21:55:00 UTC | 379 | IN | HTTP/1.1 503 Service Unavailable
                                                              Content-Length: 326
                                                              Content-Type: text/html; charset=us-ascii
                                                              Date: Sun, 01 Sep 2024 21:55:00 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.65a13617.1725227700.10bca39d
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *
                                                              2024-09-01 21:55:00 UTC 326 IN
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><



                                                              Target ID:0
                                                              Start time:17:53:51
                                                              Start date:01/09/2024
                                                              Path:C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                              Imagebase:0xf40000
                                                              File size:917'504 bytes
                                                              MD5 hash:449530CF1E296159DAB207CACF028A1E
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:6
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2028,i,249939025956985432,7264132615848075061,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:17:53:52
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:8
                                                              Start time:17:53:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:9
                                                              Start time:17:53:57
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6344 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:10
                                                              Start time:17:53:57
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6524 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:11
                                                              Start time:17:53:57
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -parentBuildID 20230927232528 -prefsHandle 2180 -prefMapHandle 2172 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff184538-9ec4-40f1-a485-b9958cfa9ec0} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 26789c6f110 socket
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:14
                                                              Start time:17:53:59
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
                                                              Imagebase:0x7ff7d86a0000
                                                              File size:1'255'976 bytes
                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:15
                                                              Start time:17:53:59
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
                                                              Imagebase:0x7ff7d86a0000
                                                              File size:1'255'976 bytes
                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:16
                                                              Start time:17:54:02
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4460 -parentBuildID 20230927232528 -prefsHandle 4452 -prefMapHandle 4448 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d1b33f-8176-45ae-b472-b7c5dd6dabe6} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 2679bee0510 rdd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:18
                                                              Start time:17:54:11
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:19
                                                              Start time:17:54:12
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2096,i,9877581988244495231,1586528081353476286,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:22
                                                              Start time:17:54:19
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:23
                                                              Start time:17:54:20
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2068,i,8933014677616933808,2190198672335111100,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:24
                                                              Start time:17:54:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7416 --field-trial-handle=2056,i,14702557000730863942,17466838615074778728,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:25
                                                              Start time:17:54:55
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 34094 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96304a8a-3b32-4829-afcc-9c45cdc9719b} 4208 "\\.\pipe\gecko-crash-server-pipe.4208" 267a375cf10 utility
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false


                                                                Execution Graph

                                                                Execution Coverage:1.9%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:5.1%
                                                                Total number of Nodes:1405
                                                                Total number of Limit Nodes:38
f42edc 95195->95196 95307 f4a81b 41 API calls 95196->95307 95199 f42eec 95201 f49cb3 22 API calls 95199->95201 95200 f82d02 95356 f43084 22 API calls 95200->95356 95203 f42f12 95201->95203 95308 f4a81b 41 API calls 95203->95308 95204 f82d1e 95206 f43a5a 24 API calls 95204->95206 95208 f82d44 95206->95208 95207 f42f21 95211 f4a961 22 API calls 95207->95211 95357 f43084 22 API calls 95208->95357 95210 f82d50 95358 f4a8c7 22 API calls __fread_nolock 95210->95358 95213 f42f3f 95211->95213 95309 f43084 22 API calls 95213->95309 95214 f82d5e 95359 f43084 22 API calls 95214->95359 95217 f42f4b 95310 f64a28 40 API calls 3 library calls 95217->95310 95218 f82d6d 95360 f4a8c7 22 API calls __fread_nolock 95218->95360 95220 f42f59 95220->95194 95221 f42f63 95220->95221 95311 f64a28 40 API calls 3 library calls 95221->95311 95224 f82d83 95361 f43084 22 API calls 95224->95361 95225 f42f6e 95225->95200 95227 f42f78 95225->95227 95312 f64a28 40 API calls 3 library calls 95227->95312 95228 f82d90 95230 f42f83 95230->95204 95231 f42f8d 95230->95231 95313 f64a28 40 API calls 3 library calls 95231->95313 95233 f42f98 95234 f42fdc 95233->95234 95314 f43084 22 API calls 95233->95314 95234->95218 95235 f42fe8 95234->95235 95235->95228 95317 f463eb 22 API calls 95235->95317 95237 f42fbf 95315 f4a8c7 22 API calls __fread_nolock 95237->95315 95239 f42ff8 95318 f46a50 22 API calls 95239->95318 95242 f42fcd 95316 f43084 22 API calls 95242->95316 95243 f43006 95319 f470b0 23 API calls 95243->95319 95248 f43021 95249 f43065 95248->95249 95320 f46f88 22 API calls 95248->95320 95321 f470b0 23 API calls 95248->95321 95322 f43084 22 API calls 95248->95322 95252 f5fe0b 22 API calls 95251->95252 95253 f4a976 95252->95253 95254 f5fddb 22 API calls 95253->95254 95255 f42e4d 95254->95255 95256 f44ae3 95255->95256 95257 f44af0 __wsopen_s 95256->95257 95258 f46b57 22 API calls 95257->95258 95259 f44b22 95257->95259 95258->95259 95261 f44b58 95259->95261 95362 f44c6d 95259->95362 95262 f44c29 95261->95262 
95264 f49cb3 22 API calls 95261->95264 95267 f44c6d 22 API calls 95261->95267 95365 f4515f 95261->95365 95263 f49cb3 22 API calls 95262->95263 95266 f44c5e 95262->95266 95265 f44c52 95263->95265 95264->95261 95268 f4515f 22 API calls 95265->95268 95266->95176 95267->95261 95268->95266 95371 f81f50 95270->95371 95273 f49cb3 22 API calls 95274 f43a8d 95273->95274 95373 f43aa2 95274->95373 95276 f43a97 95276->95178 95278 f49cc2 _wcslen 95277->95278 95279 f5fe0b 22 API calls 95278->95279 95280 f49cea __fread_nolock 95279->95280 95281 f5fddb 22 API calls 95280->95281 95282 f42e8c 95281->95282 95283 f44ecb 95282->95283 95393 f44e90 LoadLibraryA 95283->95393 95288 f44ef6 LoadLibraryExW 95401 f44e59 LoadLibraryA 95288->95401 95289 f83ccf 95290 f44f39 68 API calls 95289->95290 95292 f83cd6 95290->95292 95294 f44e59 3 API calls 95292->95294 95296 f83cde 95294->95296 95423 f450f5 95296->95423 95297 f44f20 95297->95296 95298 f44f2c 95297->95298 95299 f44f39 68 API calls 95298->95299 95301 f42ea5 95299->95301 95301->95183 95301->95184 95304 f83d05 95305->95189 95306->95193 95307->95199 95308->95207 95309->95217 95310->95220 95311->95225 95312->95230 95313->95233 95314->95237 95315->95242 95316->95234 95317->95239 95318->95243 95319->95248 95320->95248 95321->95248 95322->95248 95324 fb2d15 95323->95324 95325 f4511f 64 API calls 95324->95325 95326 fb2d29 95325->95326 95573 fb2e66 95326->95573 95329 f450f5 40 API calls 95330 fb2d56 95329->95330 95331 f450f5 40 API calls 95330->95331 95332 fb2d66 95331->95332 95333 f450f5 40 API calls 95332->95333 95334 fb2d81 95333->95334 95335 f450f5 40 API calls 95334->95335 95336 fb2d9c 95335->95336 95337 f4511f 64 API calls 95336->95337 95338 fb2db3 95337->95338 95339 f6ea0c ___std_exception_copy 21 API calls 95338->95339 95340 fb2dba 95339->95340 95341 f6ea0c ___std_exception_copy 21 API calls 95340->95341 95342 fb2dc4 95341->95342 95343 f450f5 40 API calls 95342->95343 95344 fb2dd8 95343->95344 95345 fb28fe 27 API calls 95344->95345 95347 
fb2dee 95345->95347 95346 fb2d3f 95346->95186 95347->95346 95579 fb22ce 79 API calls 95347->95579 95350 f44f43 95349->95350 95354 f44f4a 95349->95354 95580 f6e678 95350->95580 95352 f44f59 95352->95188 95353 f44f6a FreeLibrary 95353->95352 95354->95352 95354->95353 95355->95200 95356->95204 95357->95210 95358->95214 95359->95218 95360->95224 95361->95228 95363 f4aec9 22 API calls 95362->95363 95364 f44c78 95363->95364 95364->95259 95366 f4516e 95365->95366 95370 f4518f __fread_nolock 95365->95370 95368 f5fe0b 22 API calls 95366->95368 95367 f5fddb 22 API calls 95369 f451a2 95367->95369 95368->95370 95369->95261 95370->95367 95372 f43a67 GetModuleFileNameW 95371->95372 95372->95273 95374 f81f50 __wsopen_s 95373->95374 95375 f43aaf GetFullPathNameW 95374->95375 95376 f43ace 95375->95376 95377 f43ae9 95375->95377 95379 f46b57 22 API calls 95376->95379 95387 f4a6c3 95377->95387 95380 f43ada 95379->95380 95383 f437a0 95380->95383 95384 f437ae 95383->95384 95385 f493b2 22 API calls 95384->95385 95386 f437c2 95385->95386 95386->95276 95388 f4a6d0 95387->95388 95389 f4a6dd 95387->95389 95388->95380 95390 f5fddb 22 API calls 95389->95390 95391 f4a6e7 95390->95391 95392 f5fe0b 22 API calls 95391->95392 95392->95388 95394 f44ec6 95393->95394 95395 f44ea8 GetProcAddress 95393->95395 95398 f6e5eb 95394->95398 95396 f44eb8 95395->95396 95396->95394 95397 f44ebf FreeLibrary 95396->95397 95397->95394 95431 f6e52a 95398->95431 95400 f44eea 95400->95288 95400->95289 95402 f44e8d 95401->95402 95403 f44e6e GetProcAddress 95401->95403 95406 f44f80 95402->95406 95404 f44e7e 95403->95404 95404->95402 95405 f44e86 FreeLibrary 95404->95405 95405->95402 95407 f5fe0b 22 API calls 95406->95407 95408 f44f95 95407->95408 95499 f45722 95408->95499 95410 f44fa1 __fread_nolock 95411 f450a5 95410->95411 95412 f83d1d 95410->95412 95422 f44fdc 95410->95422 95502 f442a2 CreateStreamOnHGlobal 95411->95502 95513 fb304d 74 API calls 95412->95513 95415 f83d22 95417 f4511f 64 API calls 95415->95417 95416 
f450f5 40 API calls 95416->95422 95418 f83d45 95417->95418 95419 f450f5 40 API calls 95418->95419 95421 f4506e messages 95419->95421 95421->95297 95422->95415 95422->95416 95422->95421 95508 f4511f 95422->95508 95424 f45107 95423->95424 95425 f83d70 95423->95425 95535 f6e8c4 95424->95535 95428 fb28fe 95556 fb274e 95428->95556 95430 fb2919 95430->95304 95434 f6e536 ___scrt_is_nonwritable_in_current_image 95431->95434 95432 f6e544 95456 f6f2d9 20 API calls _abort 95432->95456 95434->95432 95436 f6e574 95434->95436 95435 f6e549 95457 f727ec 26 API calls pre_c_initialization 95435->95457 95438 f6e586 95436->95438 95439 f6e579 95436->95439 95448 f78061 95438->95448 95458 f6f2d9 20 API calls _abort 95439->95458 95442 f6e554 __wsopen_s 95442->95400 95443 f6e58f 95444 f6e595 95443->95444 95445 f6e5a2 95443->95445 95459 f6f2d9 20 API calls _abort 95444->95459 95460 f6e5d4 LeaveCriticalSection __fread_nolock 95445->95460 95449 f7806d ___scrt_is_nonwritable_in_current_image 95448->95449 95461 f72f5e EnterCriticalSection 95449->95461 95451 f7807b 95462 f780fb 95451->95462 95455 f780ac __wsopen_s 95455->95443 95456->95435 95457->95442 95458->95442 95459->95442 95460->95442 95461->95451 95468 f7811e 95462->95468 95463 f78177 95480 f74c7d 95463->95480 95468->95463 95471 f78088 95468->95471 95478 f6918d EnterCriticalSection 95468->95478 95479 f691a1 LeaveCriticalSection 95468->95479 95469 f78189 95469->95471 95493 f73405 11 API calls 2 library calls 95469->95493 95475 f780b7 95471->95475 95472 f781a8 95494 f6918d EnterCriticalSection 95472->95494 95498 f72fa6 LeaveCriticalSection 95475->95498 95477 f780be 95477->95455 95478->95468 95479->95468 95485 f74c8a pre_c_initialization 95480->95485 95481 f74cca 95496 f6f2d9 20 API calls _abort 95481->95496 95482 f74cb5 RtlAllocateHeap 95483 f74cc8 95482->95483 95482->95485 95487 f729c8 95483->95487 95485->95481 95485->95482 95495 f64ead 7 API calls 2 library calls 95485->95495 95488 f729d3 RtlFreeHeap 95487->95488 95489 f729fc _free 
95487->95489 95488->95489 95490 f729e8 95488->95490 95489->95469 95497 f6f2d9 20 API calls _abort 95490->95497 95492 f729ee GetLastError 95492->95489 95493->95472 95494->95471 95495->95485 95496->95483 95497->95492 95498->95477 95500 f5fddb 22 API calls 95499->95500 95501 f45734 95500->95501 95501->95410 95503 f442bc FindResourceExW 95502->95503 95507 f442d9 95502->95507 95504 f835ba LoadResource 95503->95504 95503->95507 95505 f835cf SizeofResource 95504->95505 95504->95507 95506 f835e3 LockResource 95505->95506 95505->95507 95506->95507 95507->95422 95509 f83d90 95508->95509 95510 f4512e 95508->95510 95514 f6ece3 95510->95514 95513->95415 95517 f6eaaa 95514->95517 95516 f4513c 95516->95422 95520 f6eab6 ___scrt_is_nonwritable_in_current_image 95517->95520 95518 f6eac2 95530 f6f2d9 20 API calls _abort 95518->95530 95520->95518 95521 f6eae8 95520->95521 95532 f6918d EnterCriticalSection 95521->95532 95522 f6eac7 95531 f727ec 26 API calls pre_c_initialization 95522->95531 95524 f6eaf4 95533 f6ec0a 62 API calls 2 library calls 95524->95533 95527 f6eb08 95534 f6eb27 LeaveCriticalSection __fread_nolock 95527->95534 95529 f6ead2 __wsopen_s 95529->95516 95530->95522 95531->95529 95532->95524 95533->95527 95534->95529 95538 f6e8e1 95535->95538 95537 f45118 95537->95428 95539 f6e8ed ___scrt_is_nonwritable_in_current_image 95538->95539 95540 f6e900 ___scrt_fastfail 95539->95540 95541 f6e92d 95539->95541 95542 f6e925 __wsopen_s 95539->95542 95551 f6f2d9 20 API calls _abort 95540->95551 95553 f6918d EnterCriticalSection 95541->95553 95542->95537 95544 f6e937 95554 f6e6f8 38 API calls 4 library calls 95544->95554 95547 f6e91a 95552 f727ec 26 API calls pre_c_initialization 95547->95552 95548 f6e94e 95555 f6e96c LeaveCriticalSection __fread_nolock 95548->95555 95551->95547 95552->95542 95553->95544 95554->95548 95555->95542 95559 f6e4e8 95556->95559 95558 fb275d 95558->95430 95562 f6e469 95559->95562 95561 f6e505 95561->95558 95563 f6e48c 95562->95563 95564 f6e478 95562->95564 
95568 f6e488 __alldvrm 95563->95568 95572 f7333f 11 API calls 2 library calls 95563->95572 95570 f6f2d9 20 API calls _abort 95564->95570 95566 f6e47d 95571 f727ec 26 API calls pre_c_initialization 95566->95571 95568->95561 95570->95566 95571->95568 95572->95568 95574 fb2e7a 95573->95574 95575 f450f5 40 API calls 95574->95575 95576 fb2d3b 95574->95576 95577 fb28fe 27 API calls 95574->95577 95578 f4511f 64 API calls 95574->95578 95575->95574 95576->95329 95576->95346 95577->95574 95578->95574 95579->95346 95581 f6e684 ___scrt_is_nonwritable_in_current_image 95580->95581 95582 f6e695 95581->95582 95583 f6e6aa 95581->95583 95610 f6f2d9 20 API calls _abort 95582->95610 95592 f6e6a5 __wsopen_s 95583->95592 95593 f6918d EnterCriticalSection 95583->95593 95585 f6e69a 95611 f727ec 26 API calls pre_c_initialization 95585->95611 95588 f6e6c6 95594 f6e602 95588->95594 95590 f6e6d1 95612 f6e6ee LeaveCriticalSection __fread_nolock 95590->95612 95592->95354 95593->95588 95595 f6e624 95594->95595 95596 f6e60f 95594->95596 95602 f6e61f 95595->95602 95613 f6dc0b 95595->95613 95645 f6f2d9 20 API calls _abort 95596->95645 95599 f6e614 95646 f727ec 26 API calls pre_c_initialization 95599->95646 95602->95590 95606 f6e646 95630 f7862f 95606->95630 95609 f729c8 _free 20 API calls 95609->95602 95610->95585 95611->95592 95612->95592 95614 f6dc23 95613->95614 95615 f6dc1f 95613->95615 95614->95615 95616 f6d955 __fread_nolock 26 API calls 95614->95616 95619 f74d7a 95615->95619 95617 f6dc43 95616->95617 95647 f759be 62 API calls 5 library calls 95617->95647 95620 f6e640 95619->95620 95621 f74d90 95619->95621 95623 f6d955 95620->95623 95621->95620 95622 f729c8 _free 20 API calls 95621->95622 95622->95620 95624 f6d976 95623->95624 95625 f6d961 95623->95625 95624->95606 95648 f6f2d9 20 API calls _abort 95625->95648 95627 f6d966 95649 f727ec 26 API calls pre_c_initialization 95627->95649 95629 f6d971 95629->95606 95631 f78653 95630->95631 95632 f7863e 95630->95632 95634 f7868e 95631->95634 95639 
f7867a 95631->95639 95653 f6f2c6 20 API calls _abort 95632->95653 95655 f6f2c6 20 API calls _abort 95634->95655 95636 f78643 95654 f6f2d9 20 API calls _abort 95636->95654 95637 f78693 95656 f6f2d9 20 API calls _abort 95637->95656 95650 f78607 95639->95650 95642 f6e64c 95642->95602 95642->95609 95643 f7869b 95657 f727ec 26 API calls pre_c_initialization 95643->95657 95645->95599 95646->95602 95647->95615 95648->95627 95649->95629 95658 f78585 95650->95658 95652 f7862b 95652->95642 95653->95636 95654->95642 95655->95637 95656->95643 95657->95642 95659 f78591 ___scrt_is_nonwritable_in_current_image 95658->95659 95669 f75147 EnterCriticalSection 95659->95669 95661 f7859f 95662 f785c6 95661->95662 95663 f785d1 95661->95663 95670 f786ae 95662->95670 95685 f6f2d9 20 API calls _abort 95663->95685 95666 f785cc 95686 f785fb LeaveCriticalSection __wsopen_s 95666->95686 95668 f785ee __wsopen_s 95668->95652 95669->95661 95687 f753c4 95670->95687 95672 f786be 95673 f786c4 95672->95673 95675 f786f6 95672->95675 95678 f753c4 __wsopen_s 26 API calls 95672->95678 95700 f75333 21 API calls 3 library calls 95673->95700 95675->95673 95676 f753c4 __wsopen_s 26 API calls 95675->95676 95679 f78702 FindCloseChangeNotification 95676->95679 95677 f7871c 95680 f7873e 95677->95680 95701 f6f2a3 20 API calls 2 library calls 95677->95701 95681 f786ed 95678->95681 95679->95673 95682 f7870e GetLastError 95679->95682 95680->95666 95684 f753c4 __wsopen_s 26 API calls 95681->95684 95682->95673 95684->95675 95685->95666 95686->95668 95688 f753d1 95687->95688 95690 f753e6 95687->95690 95702 f6f2c6 20 API calls _abort 95688->95702 95693 f7540b 95690->95693 95704 f6f2c6 20 API calls _abort 95690->95704 95692 f753d6 95703 f6f2d9 20 API calls _abort 95692->95703 95693->95672 95694 f75416 95705 f6f2d9 20 API calls _abort 95694->95705 95697 f753de 95697->95672 95698 f7541e 95706 f727ec 26 API calls pre_c_initialization 95698->95706 95700->95677 95701->95680 95702->95692 95703->95697 95704->95694 95705->95698 
95706->95697 95707 f41033 95712 f44c91 95707->95712 95711 f41042 95713 f4a961 22 API calls 95712->95713 95714 f44cff 95713->95714 95720 f43af0 95714->95720 95717 f44d9c 95718 f41038 95717->95718 95723 f451f7 22 API calls __fread_nolock 95717->95723 95719 f600a3 29 API calls __onexit 95718->95719 95719->95711 95724 f43b1c 95720->95724 95723->95717 95725 f43b0f 95724->95725 95726 f43b29 95724->95726 95725->95717 95726->95725 95727 f43b30 RegOpenKeyExW 95726->95727 95727->95725 95728 f43b4a RegQueryValueExW 95727->95728 95729 f43b80 RegCloseKey 95728->95729 95730 f43b6b 95728->95730 95729->95725 95730->95729 95731 f4f7bf 95732 f4fcb6 95731->95732 95733 f4f7d3 95731->95733 95820 f4aceb 23 API calls messages 95732->95820 95735 f4fcc2 95733->95735 95737 f5fddb 22 API calls 95733->95737 95821 f4aceb 23 API calls messages 95735->95821 95738 f4f7e5 95737->95738 95738->95735 95739 f4f83e 95738->95739 95740 f4fd3d 95738->95740 95746 f4ed9d messages 95739->95746 95766 f51310 95739->95766 95822 fb1155 22 API calls 95740->95822 95743 f5fddb 22 API calls 95745 f4ec76 messages 95743->95745 95744 f94beb 95828 fb359c 82 API calls __wsopen_s 95744->95828 95745->95743 95745->95744 95745->95746 95747 f4fef7 95745->95747 95750 f94b0b 95745->95750 95751 f4a8c7 22 API calls 95745->95751 95752 f4f3ae messages 95745->95752 95753 f94600 95745->95753 95759 f4fbe3 95745->95759 95760 f4a961 22 API calls 95745->95760 95762 f600a3 29 API calls pre_c_initialization 95745->95762 95764 f60242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95745->95764 95765 f601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95745->95765 95818 f501e0 185 API calls 2 library calls 95745->95818 95819 f506a0 41 API calls messages 95745->95819 95747->95746 95824 f4a8c7 22 API calls __fread_nolock 95747->95824 95826 fb359c 82 API calls __wsopen_s 95750->95826 95751->95745 95752->95746 95825 fb359c 82 API calls __wsopen_s 
95752->95825 95753->95746 95823 f4a8c7 22 API calls __fread_nolock 95753->95823 95759->95746 95759->95752 95761 f94bdc 95759->95761 95760->95745 95827 fb359c 82 API calls __wsopen_s 95761->95827 95762->95745 95764->95745 95765->95745 95767 f51376 95766->95767 95768 f517b0 95766->95768 95770 f51390 95767->95770 95771 f96331 95767->95771 95877 f60242 5 API calls __Init_thread_wait 95768->95877 95775 f51940 9 API calls 95770->95775 95772 f9633d 95771->95772 95882 fc709c 185 API calls 95771->95882 95772->95745 95774 f517ba 95776 f517fb 95774->95776 95778 f49cb3 22 API calls 95774->95778 95777 f513a0 95775->95777 95781 f96346 95776->95781 95783 f5182c 95776->95783 95779 f51940 9 API calls 95777->95779 95787 f517d4 95778->95787 95780 f513b6 95779->95780 95780->95776 95782 f513ec 95780->95782 95883 fb359c 82 API calls __wsopen_s 95781->95883 95782->95781 95804 f51408 __fread_nolock 95782->95804 95879 f4aceb 23 API calls messages 95783->95879 95786 f51839 95880 f5d217 185 API calls 95786->95880 95878 f601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95787->95878 95790 f9636e 95884 fb359c 82 API calls __wsopen_s 95790->95884 95792 f963d1 95886 fc5745 54 API calls _wcslen 95792->95886 95793 f5153c 95796 f51940 9 API calls 95793->95796 95794 f515c7 messages 95799 f51872 95794->95799 95801 f5167b messages 95794->95801 95829 f51940 95794->95829 95839 fb5c5a 95794->95839 95844 fca2ea 95794->95844 95849 fcac5b 95794->95849 95888 fb359c 82 API calls __wsopen_s 95794->95888 95798 f51549 95796->95798 95797 f5fddb 22 API calls 95797->95804 95798->95794 95805 f51940 9 API calls 95798->95805 95881 f5faeb 23 API calls 95799->95881 95800 f5fe0b 22 API calls 95800->95804 95802 f5171d 95801->95802 95876 f5ce17 22 API calls messages 95801->95876 95802->95745 95804->95786 95804->95790 95804->95794 95804->95797 95804->95800 95809 f5152f 95804->95809 95810 f963b2 95804->95810 95852 f4ec40 95804->95852 95806 f51563 95805->95806 95806->95794 95887 f4a8c7 22 API calls 
__fread_nolock 95806->95887 95809->95792 95809->95793 95885 fb359c 82 API calls __wsopen_s 95810->95885 95818->95745 95819->95745 95820->95735 95821->95740 95822->95746 95823->95746 95824->95746 95825->95746 95826->95746 95827->95744 95828->95746 95830 f51981 95829->95830 95834 f5195d 95829->95834 95889 f60242 5 API calls __Init_thread_wait 95830->95889 95832 f5198b 95832->95834 95890 f601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95832->95890 95838 f5196e 95834->95838 95891 f60242 5 API calls __Init_thread_wait 95834->95891 95835 f58727 95835->95838 95892 f601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95835->95892 95838->95794 95893 f47510 95839->95893 95843 fb5c77 95843->95794 95845 f47510 53 API calls 95844->95845 95846 fca306 95845->95846 95925 fad4dc CreateToolhelp32Snapshot Process32FirstW 95846->95925 95848 fca315 95848->95794 95946 fcad64 95849->95946 95851 fcac6f 95851->95794 95853 f4ec76 messages 95852->95853 95854 f94beb 95853->95854 95855 f5fddb 22 API calls 95853->95855 95858 f4fef7 95853->95858 95859 f94b0b 95853->95859 95860 f94600 95853->95860 95864 f60242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95853->95864 95865 f4a8c7 22 API calls 95853->95865 95868 f4fbe3 95853->95868 95869 f4a961 22 API calls 95853->95869 95871 f600a3 29 API calls pre_c_initialization 95853->95871 95873 f601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95853->95873 95874 f4ed9d messages 95853->95874 95875 f4f3ae messages 95853->95875 95978 f501e0 185 API calls 2 library calls 95853->95978 95979 f506a0 41 API calls messages 95853->95979 95985 fb359c 82 API calls __wsopen_s 95854->95985 95855->95853 95858->95874 95981 f4a8c7 22 API calls __fread_nolock 95858->95981 95983 fb359c 82 API calls __wsopen_s 95859->95983 95860->95874 95980 f4a8c7 22 API calls __fread_nolock 95860->95980 95864->95853 95865->95853 95870 f94bdc 95868->95870 
95868->95874 95868->95875 95869->95853 95984 fb359c 82 API calls __wsopen_s 95870->95984 95871->95853 95873->95853 95874->95804 95875->95874 95982 fb359c 82 API calls __wsopen_s 95875->95982 95876->95801 95877->95774 95878->95776 95879->95786 95880->95799 95881->95799 95882->95772 95883->95794 95884->95794 95885->95794 95886->95806 95887->95794 95888->95794 95889->95832 95890->95834 95891->95835 95892->95838 95894 f47525 95893->95894 95895 f47522 95893->95895 95896 f4752d 95894->95896 95897 f4755b 95894->95897 95916 fadbbe lstrlenW 95895->95916 95921 f651c6 26 API calls 95896->95921 95899 f850f6 95897->95899 95902 f4756d 95897->95902 95907 f8500f 95897->95907 95924 f65183 26 API calls 95899->95924 95900 f4753d 95906 f5fddb 22 API calls 95900->95906 95922 f5fb21 51 API calls 95902->95922 95903 f8510e 95903->95903 95908 f47547 95906->95908 95909 f85088 95907->95909 95911 f5fe0b 22 API calls 95907->95911 95910 f49cb3 22 API calls 95908->95910 95923 f5fb21 51 API calls 95909->95923 95910->95895 95912 f85058 95911->95912 95913 f5fddb 22 API calls 95912->95913 95914 f8507f 95913->95914 95915 f49cb3 22 API calls 95914->95915 95915->95909 95917 fadbdc GetFileAttributesW 95916->95917 95918 fadc06 95916->95918 95917->95918 95919 fadbe8 FindFirstFileW 95917->95919 95918->95843 95919->95918 95920 fadbf9 FindClose 95919->95920 95920->95918 95921->95900 95922->95900 95923->95899 95924->95903 95935 fadef7 95925->95935 95927 fad5db FindCloseChangeNotification 95927->95848 95928 fad529 Process32NextW 95928->95927 95930 fad522 95928->95930 95929 f4a961 22 API calls 95929->95930 95930->95927 95930->95928 95930->95929 95931 f49cb3 22 API calls 95930->95931 95941 f4525f 22 API calls 95930->95941 95942 f46350 22 API calls 95930->95942 95943 f5ce60 41 API calls 95930->95943 95931->95930 95936 fadf02 95935->95936 95937 fadf19 95936->95937 95940 fadf1f 95936->95940 95944 f663b2 GetStringTypeW _strftime 95936->95944 95945 f662fb 39 API calls 95937->95945 95940->95930 95941->95930 
95942->95930 95943->95930 95944->95936 95945->95940 95947 f4a961 22 API calls 95946->95947 95948 fcad77 ___scrt_fastfail 95947->95948 95949 fcadce 95948->95949 95950 f47510 53 API calls 95948->95950 95951 fcadee 95949->95951 95954 f47510 53 API calls 95949->95954 95953 fcadab 95950->95953 95952 fcae3a 95951->95952 95956 f47510 53 API calls 95951->95956 95957 fcae4d ___scrt_fastfail 95952->95957 95977 f4b567 39 API calls 95952->95977 95953->95949 95959 f47510 53 API calls 95953->95959 95955 fcade4 95954->95955 95975 f47620 22 API calls _wcslen 95955->95975 95965 fcae04 95956->95965 95963 f47510 53 API calls 95957->95963 95961 fcadc4 95959->95961 95974 f47620 22 API calls _wcslen 95961->95974 95964 fcae85 ShellExecuteExW 95963->95964 95970 fcaeb0 95964->95970 95965->95952 95966 f47510 53 API calls 95965->95966 95967 fcae28 95966->95967 95967->95952 95976 f4a8c7 22 API calls __fread_nolock 95967->95976 95969 fcaec8 95969->95851 95970->95969 95971 fcaf35 GetProcessId 95970->95971 95972 fcaf48 95971->95972 95973 fcaf58 CloseHandle 95972->95973 95973->95969 95974->95949 95975->95951 95976->95952 95977->95957 95978->95853 95979->95853 95980->95874 95981->95874 95982->95874 95983->95874 95984->95854 95985->95874 95986 f41098 95991 f442de 95986->95991 95990 f410a7 95992 f4a961 22 API calls 95991->95992 95993 f442f5 GetVersionExW 95992->95993 95994 f46b57 22 API calls 95993->95994 95995 f44342 95994->95995 95996 f493b2 22 API calls 95995->95996 95998 f44378 95995->95998 95997 f4436c 95996->95997 96000 f437a0 22 API calls 95997->96000 95999 f4441b GetCurrentProcess IsWow64Process 95998->95999 96002 f837df 95998->96002 96001 f44437 95999->96001 96000->95998 96003 f4444f LoadLibraryA 96001->96003 96004 f83824 GetSystemInfo 96001->96004 96005 f44460 GetProcAddress 96003->96005 96006 f4449c GetSystemInfo 96003->96006 96005->96006 96007 f44470 GetNativeSystemInfo 96005->96007 96008 f44476 96006->96008 96007->96008 96009 f4109d 96008->96009 96010 f4447a FreeLibrary 96008->96010 
96011 f600a3 29 API calls __onexit 96009->96011 96010->96009 96011->95990 96012 f93f75 96023 f5ceb1 96012->96023 96014 f93f8b 96016 f94006 96014->96016 96090 f5e300 23 API calls 96014->96090 96032 f4bf40 96016->96032 96018 f94052 96020 f94a88 96018->96020 96092 fb359c 82 API calls __wsopen_s 96018->96092 96021 f93fe6 96021->96018 96091 fb1abf 22 API calls 96021->96091 96024 f5ced2 96023->96024 96025 f5cebf 96023->96025 96027 f5cf05 96024->96027 96028 f5ced7 96024->96028 96093 f4aceb 23 API calls messages 96025->96093 96094 f4aceb 23 API calls messages 96027->96094 96029 f5fddb 22 API calls 96028->96029 96031 f5cec9 96029->96031 96031->96014 96095 f4adf0 96032->96095 96034 f4bf9d 96035 f4bfa9 96034->96035 96036 f904b6 96034->96036 96038 f904c6 96035->96038 96039 f4c01e 96035->96039 96114 fb359c 82 API calls __wsopen_s 96036->96114 96115 fb359c 82 API calls __wsopen_s 96038->96115 96100 f4ac91 96039->96100 96042 f4c7da 96047 f5fe0b 22 API calls 96042->96047 96044 f5fddb 22 API calls 96072 f4c039 __fread_nolock messages 96044->96072 96052 f4c808 __fread_nolock 96047->96052 96049 f904f5 96053 f9055a 96049->96053 96116 f5d217 185 API calls 96049->96116 96058 f5fe0b 22 API calls 96052->96058 96089 f4c603 96053->96089 96117 fb359c 82 API calls __wsopen_s 96053->96117 96054 f4ec40 185 API calls 96054->96072 96055 f4af8a 22 API calls 96055->96072 96056 fa7120 22 API calls 96056->96072 96057 f9091a 96127 fb3209 23 API calls 96057->96127 96061 f4c350 __fread_nolock messages 96058->96061 96073 f4c3ac 96061->96073 96113 f5ce17 22 API calls messages 96061->96113 96062 f908a5 96063 f4ec40 185 API calls 96062->96063 96064 f908cf 96063->96064 96064->96089 96125 f4a81b 41 API calls 96064->96125 96066 f90591 96118 fb359c 82 API calls __wsopen_s 96066->96118 96069 f908f6 96126 fb359c 82 API calls __wsopen_s 96069->96126 96072->96042 96072->96044 96072->96049 96072->96052 96072->96053 96072->96054 96072->96055 96072->96056 96072->96057 96072->96062 96072->96066 96072->96069 96074 
f4c237 96072->96074 96078 f5fe0b 22 API calls 96072->96078 96084 f909bf 96072->96084 96086 f4bbe0 40 API calls 96072->96086 96072->96089 96104 f4ad81 96072->96104 96119 fa7099 22 API calls __fread_nolock 96072->96119 96120 fc5745 54 API calls _wcslen 96072->96120 96121 f5aa42 22 API calls messages 96072->96121 96122 faf05c 40 API calls 96072->96122 96123 f4a993 41 API calls 96072->96123 96124 f4aceb 23 API calls messages 96072->96124 96073->96018 96079 f4c253 96074->96079 96128 f4a8c7 22 API calls __fread_nolock 96074->96128 96076 f90976 96129 f4aceb 23 API calls messages 96076->96129 96078->96072 96079->96076 96082 f4c297 messages 96079->96082 96082->96084 96111 f4aceb 23 API calls messages 96082->96111 96084->96089 96130 fb359c 82 API calls __wsopen_s 96084->96130 96085 f4c335 96085->96084 96087 f4c342 96085->96087 96086->96072 96112 f4a704 22 API calls messages 96087->96112 96089->96018 96090->96021 96091->96016 96092->96020 96093->96031 96094->96031 96096 f4ae01 96095->96096 96099 f4ae1c messages 96095->96099 96097 f4aec9 22 API calls 96096->96097 96098 f4ae09 CharUpperBuffW 96097->96098 96098->96099 96099->96034 96102 f4acae 96100->96102 96101 f4acd1 96101->96072 96102->96101 96131 fb359c 82 API calls __wsopen_s 96102->96131 96105 f8fadb 96104->96105 96106 f4ad92 96104->96106 96107 f5fddb 22 API calls 96106->96107 96108 f4ad99 96107->96108 96132 f4adcd 96108->96132 96111->96085 96112->96061 96113->96061 96114->96038 96115->96089 96116->96053 96117->96089 96118->96089 96119->96072 96120->96072 96121->96072 96122->96072 96123->96072 96124->96072 96125->96069 96126->96089 96127->96074 96128->96079 96129->96084 96130->96089 96131->96101 96136 f4addd 96132->96136 96133 f4adb6 96133->96072 96134 f5fddb 22 API calls 96134->96136 96135 f4a961 22 API calls 96135->96136 96136->96133 96136->96134 96136->96135 96138 f4adcd 22 API calls 96136->96138 96139 f4a8c7 22 API calls __fread_nolock 96136->96139 96138->96136 96139->96136 96140 f603fb 96141 f60407 

                                                                Control-flow Graph

                                                                APIs
                                                                • GetVersionExW.KERNEL32(?), ref: 00F4430D
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • GetCurrentProcess.KERNEL32(?,00FDCB64,00000000,?,?), ref: 00F44422
                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00F44429
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00F44454
                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00F44466
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00F44474
                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00F4447B
                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 00F444A0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                • API String ID: 3290436268-3101561225
                                                                • Opcode ID: 3eab2f802f75b05aab0b81b177b8ddc868b6c72125f2d90263474d7772b0aa1e
                                                                • Instruction ID: 14630d77ec1a4b64a012bad7885a74c53993b67a21a0dd8b5698340102c32e4a
                                                                • Opcode Fuzzy Hash: 3eab2f802f75b05aab0b81b177b8ddc868b6c72125f2d90263474d7772b0aa1e
                                                                • Instruction Fuzzy Hash: 69A1B472D0E2D0CFCB39D7B974443D97FA56B26710B08C49ADAC1A3A1DD23E4504EBA6

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00F450AA,?,?,00000000,00000000), ref: 00F442B2
                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00F450AA,?,?,00000000,00000000), ref: 00F442C9
                                                                • LoadResource.KERNEL32(?,00000000,?,?,00F450AA,?,?,00000000,00000000,?,?,?,?,?,?,00F44F20), ref: 00F835BE
                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00F450AA,?,?,00000000,00000000,?,?,?,?,?,?,00F44F20), ref: 00F835D3
                                                                • LockResource.KERNEL32(00F450AA,?,?,00F450AA,?,?,00000000,00000000,?,?,?,?,?,?,00F44F20,?), ref: 00F835E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                • String ID: SCRIPT
                                                                • API String ID: 3051347437-3967369404
                                                                • Opcode ID: fe9827511fa045c2ccf0b36986e500e8b35bdd9fb3785011b402064a32526db5
                                                                • Instruction ID: ddeac63ebe8e6ab888f3b0f1d77a976cca031e0dc745ddc9f0d31ef7a6d71be2
                                                                • Opcode Fuzzy Hash: fe9827511fa045c2ccf0b36986e500e8b35bdd9fb3785011b402064a32526db5
                                                                • Instruction Fuzzy Hash: 6611A070201705BFDB219B65DC48F277BBAEBC5B51F14416EF80296290DBB1E900E670

                                                                Control-flow Graph

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F42B6B
                                                                  • Part of subcall function 00F43A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01011418,?,00F42E7F,?,?,?,00000000), ref: 00F43A78
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,01002224), ref: 00F82C10
                                                                • ShellExecuteW.SHELL32(00000000,?,?,01002224), ref: 00F82C17
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                • String ID: runas
                                                                • API String ID: 448630720-4000483414
                                                                • Opcode ID: 54758c2e918fa6cfe154a183afe32d8a7667982ebb267bcc464f1d01b1e7890b
                                                                • Instruction ID: c1bfc26a655c4e8e7d548508dff09e0175b1bf12f3b02c610c0319b73f299c37
                                                                • Opcode Fuzzy Hash: 54758c2e918fa6cfe154a183afe32d8a7667982ebb267bcc464f1d01b1e7890b
                                                                • Instruction Fuzzy Hash: 3711DF326483056AD718FF70DC459BEBFA4ABD1710F84042DBA82020A2CF798A49F752

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00FAD501
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00FAD50F
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00FAD52F
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00FAD5DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3243318325-0

                                                                Control-flow Graph

                                                                control_flow_graph 907 fadbbe-fadbda lstrlenW 908 fadbdc-fadbe6 GetFileAttributesW 907->908 909 fadc06 907->909 910 fadbe8-fadbf7 FindFirstFileW 908->910 911 fadc09-fadc0d 908->911 909->911 910->909 912 fadbf9-fadc04 FindClose 910->912 912->911
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,00F85222), ref: 00FADBCE
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00FADBDD
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FADBEE
                                                                • FindClose.KERNEL32(00000000), ref: 00FADBFA
                                                                Similarity
                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                • String ID:
                                                                • API String ID: 2695905019-0
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00F728E9,?,00F64CBE,00F728E9,010088B8,0000000C,00F64E15,00F728E9,00000002,00000000,?,00F728E9), ref: 00F64D09
                                                                • TerminateProcess.KERNEL32(00000000,?,00F64CBE,00F728E9,010088B8,0000000C,00F64E15,00F728E9,00000002,00000000,?,00F728E9), ref: 00F64D10
                                                                • ExitProcess.KERNEL32 ref: 00F64D22
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                APIs
                                                                • GetInputState.USER32 ref: 00F4D807
                                                                • timeGetTime.WINMM ref: 00F4DA07
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F4DB28
                                                                • TranslateMessage.USER32(?), ref: 00F4DB7B
                                                                • DispatchMessageW.USER32(?), ref: 00F4DB89
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F4DB9F
                                                                • Sleep.KERNEL32(0000000A), ref: 00F4DBB1
                                                                Similarity
                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                • String ID:
                                                                • API String ID: 2189390790-0

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F42D07
                                                                • RegisterClassExW.USER32(00000030), ref: 00F42D31
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F42D42
                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00F42D5F
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F42D6F
                                                                • LoadIconW.USER32(000000A9), ref: 00F42D85
                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F42D94
                                                                Similarity
                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                • API String ID: 2914291525-1005189915

                                                                Control-flow Graph

                                                                control_flow_graph 302 f8065b-f8068b call f8042f 305 f8068d-f80698 call f6f2c6 302->305 306 f806a6-f806b2 call f75221 302->306 311 f8069a-f806a1 call f6f2d9 305->311 312 f806cb-f80714 call f8039a 306->312 313 f806b4-f806c9 call f6f2c6 call f6f2d9 306->313 323 f8097d-f80983 311->323 321 f80781-f8078a GetFileType 312->321 322 f80716-f8071f 312->322 313->311 327 f8078c-f807bd GetLastError call f6f2a3 CloseHandle 321->327 328 f807d3-f807d6 321->328 325 f80721-f80725 322->325 326 f80756-f8077c GetLastError call f6f2a3 322->326 325->326 331 f80727-f80754 call f8039a 325->331 326->311 327->311 339 f807c3-f807ce call f6f2d9 327->339 329 f807d8-f807dd 328->329 330 f807df-f807e5 328->330 335 f807e9-f80837 call f7516a 329->335 330->335 336 f807e7 330->336 331->321 331->326 345 f80839-f80845 call f805ab 335->345 346 f80847-f8086b call f8014d 335->346 336->335 339->311 345->346 353 f8086f-f80879 call f786ae 345->353 351 f8086d 346->351 352 f8087e-f808c1 346->352 351->353 355 f808e2-f808f0 352->355 356 f808c3-f808c7 352->356 353->323 359 f8097b 355->359 360 f808f6-f808fa 355->360 356->355 358 f808c9-f808dd 356->358 358->355 359->323 360->359 361 f808fc-f8092f CloseHandle call f8039a 360->361 364 f80931-f8095d GetLastError call f6f2a3 call f75333 361->364 365 f80963-f80977 361->365 364->365 365->359
                                                                APIs
                                                                  • Part of subcall function 00F8039A: CreateFileW.KERNEL32(00000000,00000000,?,00F80704,?,?,00000000,?,00F80704,00000000,0000000C), ref: 00F803B7
                                                                • GetLastError.KERNEL32 ref: 00F8076F
                                                                • __dosmaperr.LIBCMT ref: 00F80776
                                                                • GetFileType.KERNEL32(00000000), ref: 00F80782
                                                                • GetLastError.KERNEL32 ref: 00F8078C
                                                                • __dosmaperr.LIBCMT ref: 00F80795
                                                                • CloseHandle.KERNEL32(00000000), ref: 00F807B5
                                                                • CloseHandle.KERNEL32(?), ref: 00F808FF
                                                                • GetLastError.KERNEL32 ref: 00F80931
                                                                • __dosmaperr.LIBCMT ref: 00F80938
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175

                                                                APIs
                                                                  • Part of subcall function 00F43A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01011418,?,00F42E7F,?,?,?,00000000), ref: 00F43A78
                                                                  • Part of subcall function 00F43357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F43379
                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00F4356A
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00F8318D
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00F831CE
                                                                • RegCloseKey.ADVAPI32(?), ref: 00F83210
                                                                • _wcslen.LIBCMT ref: 00F83277
                                                                • _wcslen.LIBCMT ref: 00F83286
                                                                Similarity
                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                • API String ID: 98802146-2727554177

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F42B8E
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00F42B9D
                                                                • LoadIconW.USER32(00000063), ref: 00F42BB3
                                                                • LoadIconW.USER32(000000A4), ref: 00F42BC5
                                                                • LoadIconW.USER32(000000A2), ref: 00F42BD7
                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F42BEF
                                                                • RegisterClassExW.USER32(?), ref: 00F42C40
                                                                  • Part of subcall function 00F42CD4: GetSysColorBrush.USER32(0000000F), ref: 00F42D07
                                                                  • Part of subcall function 00F42CD4: RegisterClassExW.USER32(00000030), ref: 00F42D31
                                                                  • Part of subcall function 00F42CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F42D42
                                                                  • Part of subcall function 00F42CD4: InitCommonControlsEx.COMCTL32(?), ref: 00F42D5F
                                                                  • Part of subcall function 00F42CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F42D6F
                                                                  • Part of subcall function 00F42CD4: LoadIconW.USER32(000000A9), ref: 00F42D85
                                                                  • Part of subcall function 00F42CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F42D94
                                                                Similarity
                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                • String ID: #$0$AutoIt v3
                                                                • API String ID: 423443420-4155596026

                                                                Control-flow Graph

                                                                control_flow_graph 443 f43170-f43185 444 f431e5-f431e7 443->444 445 f43187-f4318a 443->445 444->445 448 f431e9 444->448 446 f4318c-f43193 445->446 447 f431eb 445->447 449 f43265-f4326d PostQuitMessage 446->449 450 f43199-f4319e 446->450 452 f82dfb-f82e23 call f418e2 call f5e499 447->452 453 f431f1-f431f6 447->453 451 f431d0-f431d8 DefWindowProcW 448->451 460 f43219-f4321b 449->460 457 f431a4-f431a8 450->457 458 f82e7c-f82e90 call fabf30 450->458 459 f431de-f431e4 451->459 488 f82e28-f82e2f 452->488 454 f4321d-f43244 SetTimer RegisterWindowMessageW 453->454 455 f431f8-f431fb 453->455 454->460 464 f43246-f43251 CreatePopupMenu 454->464 461 f82d9c-f82d9f 455->461 462 f43201-f4320f KillTimer call f430f2 455->462 465 f82e68-f82e77 call fac161 457->465 466 f431ae-f431b3 457->466 458->460 482 f82e96 458->482 460->459 474 f82da1-f82da5 461->474 475 f82dd7-f82df6 MoveWindow 461->475 477 f43214 call f43c50 462->477 464->460 465->460 471 f82e4d-f82e54 466->471 472 f431b9-f431be 466->472 471->451 476 f82e5a-f82e63 call fa0ad7 471->476 480 f431c4-f431ca 472->480 481 f43253-f43263 call f4326f 472->481 483 f82dc6-f82dd2 SetFocus 474->483 484 f82da7-f82daa 474->484 475->460 476->451 477->460 480->451 480->488 481->460 482->451 483->460 484->480 489 f82db0-f82dc1 call f418e2 484->489 488->451 493 f82e35-f82e48 call f430f2 call f43837 488->493 489->460 493->451
                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00F4316A,?,?), ref: 00F431D8
                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00F4316A,?,?), ref: 00F43204
                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F43227
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00F4316A,?,?), ref: 00F43232
                                                                • CreatePopupMenu.USER32 ref: 00F43246
                                                                • PostQuitMessage.USER32(00000000), ref: 00F43267
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                • String ID: TaskbarCreated

                                                                APIs
                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F41459
                                                                • OleUninitialize.OLE32(?,00000000), ref: 00F414F8
                                                                • UnregisterHotKey.USER32(?), ref: 00F416DD
                                                                • DestroyWindow.USER32(?), ref: 00F824B9
                                                                • FreeLibrary.KERNEL32(?), ref: 00F8251E
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F8254B
                                                                Strings
                                                                Similarity
                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                • String ID: close all

                                                                APIs
                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F42C91
                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F42CB2
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F41CAD,?), ref: 00F42CC6
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F41CAD,?), ref: 00F42CCF
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$CreateShow
                                                                • String ID: AutoIt v3$edit

                                                                APIs
                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00FCAEA3
                                                                  • Part of subcall function 00F47620: _wcslen.LIBCMT ref: 00F47625
                                                                • GetProcessId.KERNEL32(00000000), ref: 00FCAF38
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCAF67
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                • String ID: <$@

                                                                APIs
                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00F43B0F,SwapMouseButtons,00000004,?), ref: 00F43B40
                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00F43B0F,SwapMouseButtons,00000004,?), ref: 00F43B61
                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00F43B0F,SwapMouseButtons,00000004,?), ref: 00F43B83
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: Control Panel\Mouse
                                                                APIs
                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F833A2
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F43A04
                                                                Strings
                                                                Similarity
                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                • String ID: Line:
                                                                APIs
                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00F82C8C
                                                                  • Part of subcall function 00F43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F43A97,?,?,00F42E7F,?,?,?,00000000), ref: 00F43AC2
                                                                  • Part of subcall function 00F42DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F42DC4
                                                                Strings
                                                                Similarity
                                                                • API ID: Name$Path$FileFullLongOpen
                                                                • String ID: X$`e
                                                                APIs
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00F60668
                                                                  • Part of subcall function 00F632A4: RaiseException.KERNEL32(?,?,?,00F6068A,?,01011444,?,?,?,?,?,?,00F6068A,00F41129,01008738,00F41129), ref: 00F63304
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00F60685
                                                                Strings
                                                                Similarity
                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                • String ID: Unknown exception
                                                                APIs
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F41BF4
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00F41BFC
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F41C07
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F41C12
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00F41C1A
                                                                  • Part of subcall function 00F41BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00F41C22
                                                                  • Part of subcall function 00F41B4A: RegisterWindowMessageW.USER32(00000004,?,00F412C4), ref: 00F41BA2
                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F4136A
                                                                • OleInitialize.OLE32 ref: 00F41388
                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00F824AB
                                                                Similarity
                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                • String ID:
                                                                • API String ID: 1986988660-0
                                                                • Opcode ID: 57b628b232393496ef77dbbec8b7080ea361939d33b595c54f8899e1ed1d9f22
                                                                • Instruction ID: 121ad25a822267d8d7c9de01b7ff72ec6a18089f153e48b97b7282cc53623987
                                                                • Opcode Fuzzy Hash: 57b628b232393496ef77dbbec8b7080ea361939d33b595c54f8899e1ed1d9f22
                                                                • Instruction Fuzzy Hash: D671BBB4912301CFC7ACEF79E8556553EE1FB48344358822AEA8AC7349EB3E4445DF85
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00F785CC,?,01008CC8,0000000C), ref: 00F78704
                                                                • GetLastError.KERNEL32(?,00F785CC,?,01008CC8,0000000C), ref: 00F7870E
                                                                • __dosmaperr.LIBCMT ref: 00F78739
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 00F517F6
                                                                Strings
                                                                • String ID: CALL
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F43908
                                                                APIs
                                                                  • Part of subcall function 00F44E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F44EDD,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E9C
                                                                  • Part of subcall function 00F44E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F44EAE
                                                                  • Part of subcall function 00F44E90: FreeLibrary.KERNEL32(00000000,?,?,00F44EDD,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44EC0
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44EFD
                                                                  • Part of subcall function 00F44E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F83CDE,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E62
                                                                  • Part of subcall function 00F44E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F44E74
                                                                  • Part of subcall function 00F44E59: FreeLibrary.KERNEL32(00000000,?,?,00F83CDE,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E87
                                                                APIs
                                                                • API ID: __wsopen_s
                                                                APIs
                                                                  • Part of subcall function 00F74C7D: RtlAllocateHeap.NTDLL(00000008,00F41129,00000000,?,00F72E29,00000001,00000364,?,?,?,00F6F2DE,00F73863,01011444,?,00F5FDF5,?), ref: 00F74CBE
                                                                • _free.LIBCMT ref: 00F7506C
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,00F41129,00000000,?,00F72E29,00000001,00000364,?,?,?,00F6F2DE,00F73863,01011444,?,00F5FDF5,?), ref: 00F74CBE
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6,?,00F41129), ref: 00F73852
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44F6D
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F4314E
                                                                APIs
                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F42DC4
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: LongNamePath_wcslen
                                                                • String ID:
                                                                • API String ID: 541455249-0
                                                                APIs
                                                                  • Part of subcall function 00F43837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F43908
                                                                  • Part of subcall function 00F4D730: GetInputState.USER32 ref: 00F4D807
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F42B6B
                                                                  • Part of subcall function 00F430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F4314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                • String ID:
                                                                • API String ID: 3667716007-0
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00F80704,?,?,00000000,?,00F80704,00000000,0000000C), ref: 00F803B7
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00F41CBC
                                                                Similarity
                                                                • API ID: InfoParametersSystem
                                                                • String ID:
                                                                • API String ID: 3098949447-0
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00FD961A
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FD965B
                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00FD969F
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FD96C9
                                                                • SendMessageW.USER32 ref: 00FD96F2
                                                                • GetKeyState.USER32(00000011), ref: 00FD978B
                                                                • GetKeyState.USER32(00000009), ref: 00FD9798
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FD97AE
                                                                • GetKeyState.USER32(00000010), ref: 00FD97B8
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FD97E9
                                                                • SendMessageW.USER32 ref: 00FD9810
                                                                • SendMessageW.USER32(?,00001030,?,00FD7E95), ref: 00FD9918
                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00FD992E
                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00FD9941
                                                                • SetCapture.USER32(?), ref: 00FD994A
                                                                • ClientToScreen.USER32(?,?), ref: 00FD99AF
                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00FD99BC
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FD99D6
                                                                • ReleaseCapture.USER32 ref: 00FD99E1
                                                                • GetCursorPos.USER32(?), ref: 00FD9A19
                                                                • ScreenToClient.USER32(?,?), ref: 00FD9A26
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FD9A80
                                                                • SendMessageW.USER32 ref: 00FD9AAE
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FD9AEB
                                                                • SendMessageW.USER32 ref: 00FD9B1A
                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00FD9B3B
                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00FD9B4A
                                                                • GetCursorPos.USER32(?), ref: 00FD9B68
                                                                • ScreenToClient.USER32(?,?), ref: 00FD9B75
                                                                • GetParent.USER32(?), ref: 00FD9B93
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FD9BFA
                                                                • SendMessageW.USER32 ref: 00FD9C2B
                                                                • ClientToScreen.USER32(?,?), ref: 00FD9C84
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00FD9CB4
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FD9CDE
                                                                • SendMessageW.USER32 ref: 00FD9D01
                                                                • ClientToScreen.USER32(?,?), ref: 00FD9D4E
                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00FD9D82
                                                                  • Part of subcall function 00F59944: GetWindowLongW.USER32(?,000000EB), ref: 00F59952
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD9E05
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                • String ID: @GUI_DRAGID$F
                                                                • API String ID: 3429851547-4164748364
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00FD48F3
                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00FD4908
                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00FD4927
                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00FD494B
                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00FD495C
                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00FD497B
                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00FD49AE
                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00FD49D4
                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00FD4A0F
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FD4A56
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FD4A7E
                                                                • IsMenu.USER32(?), ref: 00FD4A97
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FD4AF2
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FD4B20
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD4B94
                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00FD4BE3
                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00FD4C82
                                                                • wsprintfW.USER32 ref: 00FD4CAE
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FD4CC9
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FD4CF1
                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00FD4D13
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FD4D33
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FD4D5A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                • String ID: %d/%02d/%02d
                                                                • API String ID: 4054740463-328681919
                                                                APIs
                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00F5F998
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F9F474
                                                                • IsIconic.USER32(00000000), ref: 00F9F47D
                                                                • ShowWindow.USER32(00000000,00000009), ref: 00F9F48A
                                                                • SetForegroundWindow.USER32(00000000), ref: 00F9F494
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F9F4AA
                                                                • GetCurrentThreadId.KERNEL32 ref: 00F9F4B1
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F9F4BD
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F9F4CE
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F9F4D6
                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00F9F4DE
                                                                • SetForegroundWindow.USER32(00000000), ref: 00F9F4E1
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F9F4F6
                                                                • keybd_event.USER32(00000012,00000000), ref: 00F9F501
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F9F50B
                                                                • keybd_event.USER32(00000012,00000000), ref: 00F9F510
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F9F519
                                                                • keybd_event.USER32(00000012,00000000), ref: 00F9F51E
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F9F528
                                                                • keybd_event.USER32(00000012,00000000), ref: 00F9F52D
                                                                • SetForegroundWindow.USER32(00000000), ref: 00F9F530
                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00F9F557
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 4125248594-2988720461
                                                                APIs
                                                                  • Part of subcall function 00FA16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FA170D
                                                                  • Part of subcall function 00FA16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FA173A
                                                                  • Part of subcall function 00FA16C3: GetLastError.KERNEL32 ref: 00FA174A
                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00FA1286
                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00FA12A8
                                                                • CloseHandle.KERNEL32(?), ref: 00FA12B9
                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00FA12D1
                                                                • GetProcessWindowStation.USER32 ref: 00FA12EA
                                                                • SetProcessWindowStation.USER32(00000000), ref: 00FA12F4
                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00FA1310
                                                                  • Part of subcall function 00FA10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00FA11FC), ref: 00FA10D4
                                                                  • Part of subcall function 00FA10BF: CloseHandle.KERNEL32(?,?,00FA11FC), ref: 00FA10E9
                                                                Strings
                                                                Similarity
                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                • String ID: $default$winsta0
                                                                • API String ID: 22674027-1027155976
                                                                APIs
                                                                  • Part of subcall function 00FA10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FA1114
                                                                  • Part of subcall function 00FA10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1120
                                                                  • Part of subcall function 00FA10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA112F
                                                                  • Part of subcall function 00FA10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1136
                                                                  • Part of subcall function 00FA10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FA114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00FA0BCC
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00FA0C00
                                                                • GetLengthSid.ADVAPI32(?), ref: 00FA0C17
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00FA0C51
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00FA0C6D
                                                                • GetLengthSid.ADVAPI32(?), ref: 00FA0C84
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00FA0C8C
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00FA0C93
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00FA0CB4
                                                                • CopySid.ADVAPI32(00000000), ref: 00FA0CBB
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00FA0CEA
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00FA0D0C
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00FA0D1E
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0D45
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0D4C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0D55
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0D5C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0D65
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0D6C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00FA0D78
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0D7F
                                                                  • Part of subcall function 00FA1193: GetProcessHeap.KERNEL32(00000008,00FA0BB1,?,00000000,?,00FA0BB1,?), ref: 00FA11A1
                                                                  • Part of subcall function 00FA1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00FA0BB1,?), ref: 00FA11A8
                                                                  • Part of subcall function 00FA1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00FA0BB1,?), ref: 00FA11B7
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                APIs
                                                                • OpenClipboard.USER32(00FDCC08), ref: 00FBEB29
                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00FBEB37
                                                                • GetClipboardData.USER32(0000000D), ref: 00FBEB43
                                                                • CloseClipboard.USER32 ref: 00FBEB4F
                                                                • GlobalLock.KERNEL32(00000000), ref: 00FBEB87
                                                                • CloseClipboard.USER32 ref: 00FBEB91
                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00FBEBBC
                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00FBEBC9
                                                                • GetClipboardData.USER32(00000001), ref: 00FBEBD1
                                                                • GlobalLock.KERNEL32(00000000), ref: 00FBEBE2
                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 00FBEC22
                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00FBEC38
                                                                • GetClipboardData.USER32(0000000F), ref: 00FBEC44
                                                                • GlobalLock.KERNEL32(00000000), ref: 00FBEC55
                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00FBEC77
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FBEC94
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FBECD2
                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00FBECF3
                                                                • CountClipboardFormats.USER32 ref: 00FBED14
                                                                • CloseClipboard.USER32 ref: 00FBED59
                                                                Similarity
                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                • String ID:
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FB69BE
                                                                • FindClose.KERNEL32(00000000), ref: 00FB6A12
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FB6A4E
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FB6A75
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FB6AB2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FB6ADF
                                                                Similarity
                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00FB9663
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00FB96A1
                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00FB96BB
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00FB96D3
                                                                • FindClose.KERNEL32(00000000), ref: 00FB96DE
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00FB96FA
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB974A
                                                                • SetCurrentDirectoryW.KERNEL32(01006B7C), ref: 00FB9768
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FB9772
                                                                • FindClose.KERNEL32(00000000), ref: 00FB977F
                                                                • FindClose.KERNEL32(00000000), ref: 00FB978F
                                                                Similarity
                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                • String ID: *.*
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00FB97BE
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00FB9819
                                                                • FindClose.KERNEL32(00000000), ref: 00FB9824
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00FB9840
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB9890
                                                                • SetCurrentDirectoryW.KERNEL32(01006B7C), ref: 00FB98AE
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FB98B8
                                                                • FindClose.KERNEL32(00000000), ref: 00FB98C5
                                                                • FindClose.KERNEL32(00000000), ref: 00FB98D5
                                                                  • Part of subcall function 00FADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00FADB00
                                                                Similarity
                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                • String ID: *.*
                                                                APIs
                                                                  • Part of subcall function 00FCC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FCB6AE,?,?), ref: 00FCC9B5
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCC9F1
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA68
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FCBF3E
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00FCBFA9
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCBFCD
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00FCC02C
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00FCC0E7
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00FCC154
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00FCC1E9
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00FCC23A
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00FCC2E3
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00FCC382
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCC38F
                                                                Similarity
                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                • String ID:
                                                                APIs
                                                                • GetLocalTime.KERNEL32(?), ref: 00FB8257
                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FB8267
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FB8273
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FB8310
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB8324
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB8356
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FB838C
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB8395
                                                                Similarity
                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                • String ID: *.*
                                                                APIs
                                                                  • Part of subcall function 00F43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F43A97,?,?,00F42E7F,?,?,?,00000000), ref: 00F43AC2
                                                                  • Part of subcall function 00FAE199: GetFileAttributesW.KERNEL32(?,00FACF95), ref: 00FAE19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FAD122
                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00FAD1DD
                                                                • MoveFileW.KERNEL32(?,?), ref: 00FAD1F0
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00FAD20D
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FAD237
                                                                  • Part of subcall function 00FAD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00FAD21C,?,?), ref: 00FAD2B2
                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00FAD253
                                                                • FindClose.KERNEL32(00000000), ref: 00FAD264
                                                                Similarity
                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 1946585618-1173974218
                                                                • Opcode ID: 965f5fb81477e3736ab14eb59d190f936f93d86e09c54c8bda034a3e68bf115d
                                                                • Instruction ID: b31e56658223a38aaac3e23508519ec34072f557cb7300a6e76187c2132ffb8e
                                                                • Opcode Fuzzy Hash: 965f5fb81477e3736ab14eb59d190f936f93d86e09c54c8bda034a3e68bf115d
                                                                • Instruction Fuzzy Hash: 69615D71D0510D9BDF05EBE0DD92AEDBBB9AF56300F604165E80277192EB386F09EB60
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                • String ID:
                                                                • API String ID: 1737998785-0
                                                                • Opcode ID: 3596c4e29aaf47167dd5bc1e259ef5e97201e4383b6335cdcc69c17eabc3cdc1
                                                                • Instruction ID: 40193bc2964b72c1744794234b57473d6acf274a970c54bc7119644a698f9fc9
                                                                • Opcode Fuzzy Hash: 3596c4e29aaf47167dd5bc1e259ef5e97201e4383b6335cdcc69c17eabc3cdc1
                                                                • Instruction Fuzzy Hash: D241C1356052119FD720DF26D888B99BBE5EF44328F15C099E8198B662C776EC41EFD0
                                                                APIs
                                                                  • Part of subcall function 00FA16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FA170D
                                                                  • Part of subcall function 00FA16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FA173A
                                                                  • Part of subcall function 00FA16C3: GetLastError.KERNEL32 ref: 00FA174A
                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00FAE932
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                • API String ID: 2234035333-3163812486
                                                                • Opcode ID: 6278934512c20e9d7c8400a35ed8768dcfbf5048e0c39dcd09bab19e9d634eb4
                                                                • Instruction ID: 6ff6a82323b0591606ac8b5b5d561c4efb2ddfee549e7e9db37cfae3be8fd591
                                                                • Opcode Fuzzy Hash: 6278934512c20e9d7c8400a35ed8768dcfbf5048e0c39dcd09bab19e9d634eb4
                                                                • Instruction Fuzzy Hash: 100126B3A10315ABEB2422B49C8ABFB725CAB1A750F154422F803E21D1D5A45C40B1E0
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00FC1276
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1283
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00FC12BA
                                                                • WSAGetLastError.WSOCK32 ref: 00FC12C5
                                                                • closesocket.WSOCK32(00000000), ref: 00FC12F4
                                                                • listen.WSOCK32(00000000,00000005), ref: 00FC1303
                                                                • WSAGetLastError.WSOCK32 ref: 00FC130D
                                                                • closesocket.WSOCK32(00000000), ref: 00FC133C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                • String ID:
                                                                • API String ID: 540024437-0
                                                                • Opcode ID: 8a2e1621df447c5a7efda7ae0c3d434501e8a86e717b3a5eeed7b3972d16af67
                                                                • Instruction ID: daa350d1f3128300559925c35263bcdd7d66a78254645b22fefee8b53471278a
                                                                • Opcode Fuzzy Hash: 8a2e1621df447c5a7efda7ae0c3d434501e8a86e717b3a5eeed7b3972d16af67
                                                                • Instruction Fuzzy Hash: D1417C35A001429FD710DF24C589F69BBE6BF46328F18818DD8568B297C775EC81EBE0
                                                                APIs
                                                                  • Part of subcall function 00F43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F43A97,?,?,00F42E7F,?,?,?,00000000), ref: 00F43AC2
                                                                  • Part of subcall function 00FAE199: GetFileAttributesW.KERNEL32(?,00FACF95), ref: 00FAE19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FAD420
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00FAD470
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FAD481
                                                                • FindClose.KERNEL32(00000000), ref: 00FAD498
                                                                • FindClose.KERNEL32(00000000), ref: 00FAD4A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 2649000838-1173974218
                                                                • Opcode ID: c7d1ea2c485fc811462495b01506ad0081b6fd3dd82c0ea903d09d840c65968a
                                                                • Instruction ID: 20e1658e565eecf4286c2447bb75f519073014b5d5b885b64a7a36af25e7c456
                                                                • Opcode Fuzzy Hash: c7d1ea2c485fc811462495b01506ad0081b6fd3dd82c0ea903d09d840c65968a
                                                                • Instruction Fuzzy Hash: FC3182714093459FC304EF64CC558AF7BA8BE96314F444A1EF8D293191EB34AA09E763
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                • Opcode ID: d4537d0d633daa650a0dc1dfab0001d48e2bdd75738e43a73bc924b1d29f8657
                                                                • Instruction ID: f40b1c63028938ea46f501c1731770d91b3e505e2b9f7a641f2a2cdec57f1456
                                                                • Opcode Fuzzy Hash: d4537d0d633daa650a0dc1dfab0001d48e2bdd75738e43a73bc924b1d29f8657
                                                                • Instruction Fuzzy Hash: 02C23C72E046288FDB25CE28DD407EAB7B5EB48314F1481EBD44DE7241E778AE859F42
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00FB64DC
                                                                • CoInitialize.OLE32(00000000), ref: 00FB6639
                                                                • CoCreateInstance.OLE32(00FDFCF8,00000000,00000001,00FDFB68,?), ref: 00FB6650
                                                                • CoUninitialize.OLE32 ref: 00FB68D4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 886957087-24824748
                                                                • Opcode ID: 297ff9b6a344fdfde9140660ccd758f618e6050ad449fc344083b6fea423ebf6
                                                                • Instruction ID: 08b59f40eb1f6a9342a90aa583bd9a01418017403c88420e2419a2ae5f471630
                                                                • Opcode Fuzzy Hash: 297ff9b6a344fdfde9140660ccd758f618e6050ad449fc344083b6fea423ebf6
                                                                • Instruction Fuzzy Hash: 6CD159716083019FC314EF24C881DABBBE9FF98314F04495DF9958B291EB75E909DBA2
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00FC22E8
                                                                  • Part of subcall function 00FBE4EC: GetWindowRect.USER32(?,?), ref: 00FBE504
                                                                • GetDesktopWindow.USER32 ref: 00FC2312
                                                                • GetWindowRect.USER32(00000000), ref: 00FC2319
                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00FC2355
                                                                • GetCursorPos.USER32(?), ref: 00FC2381
                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00FC23DF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                • String ID:
                                                                • API String ID: 2387181109-0
                                                                • Opcode ID: 9261b934665549b5a6fb55d214b96306ed23747917888783ec3a9052e30d7cca
                                                                • Instruction ID: 09f44b722e46b851df4ac6dd1626d6db638ce41dc6a519becf913ded47561e10
                                                                • Opcode Fuzzy Hash: 9261b934665549b5a6fb55d214b96306ed23747917888783ec3a9052e30d7cca
                                                                • Instruction Fuzzy Hash: D131CF72505356ABD720DF24D945F9BB7AAFF88710F00091EF98597181DB34E908DBD2
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00FB9B78
                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00FB9C8B
                                                                  • Part of subcall function 00FB3874: GetInputState.USER32 ref: 00FB38CB
                                                                  • Part of subcall function 00FB3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FB3966
                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00FB9BA8
                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00FB9C75
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                • String ID: *.*
                                                                • API String ID: 1972594611-438819550
                                                                • Opcode ID: 9bdbdb8ae596c48511f0c87141162dc1d236c8e7bd7c4a1b6ccd77867672f95b
                                                                • Instruction ID: 30f0a8b69ec66311472a1fab987b66d99a44d8a84e5ab2a9e1d5b7f42543e48f
                                                                • Opcode Fuzzy Hash: 9bdbdb8ae596c48511f0c87141162dc1d236c8e7bd7c4a1b6ccd77867672f95b
                                                                • Instruction Fuzzy Hash: 834190B1D4820A9FDF15DFA5CC89AEE7BB4EF05310F244156E905A3191EB709E84EFA0
                                                                APIs
                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00FAAAAC
                                                                • SetKeyboardState.USER32(00000080), ref: 00FAAAC8
                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00FAAB36
                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00FAAB88
                                                                Strings
                                                                • ______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{, xrefs: 00FAAAEA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID: ______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{
                                                                • API String ID: 432972143-4086604533
                                                                • Opcode ID: 984bcd97d92911ccbb40bb657ee96f9b3f85d961c8920cfa7e78978cb522a5ed
                                                                • Instruction ID: 41756b710a2d7356afabc1d54492871a08de446b7cc924c377a5ed1c9233020f
                                                                • Opcode Fuzzy Hash: 984bcd97d92911ccbb40bb657ee96f9b3f85d961c8920cfa7e78978cb522a5ed
                                                                • Instruction Fuzzy Hash: BB311AB0E40608AEFF35CA64CC05BFA77A6AB86360F04421AF185561D1D3759989F7B2
                                                                Strings
                                                                • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00F85D0F
                                                                • ERCP, xrefs: 00F4813C
                                                                • VUUU, xrefs: 00F85DF0
                                                                • VUUU, xrefs: 00F483E8
                                                                • VUUU, xrefs: 00F483FA
                                                                • VUUU, xrefs: 00F4843C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                • API String ID: 0-2009957334
                                                                • Opcode ID: 5aaa1223934b942201cc0ccb1665b933f901dc26dcb8785921e1d1541d7ec52b
                                                                • Instruction ID: 6daa629baf8fbf93f876cce0b23cc16d5fe115b08f8171d248b470334ffca4f9
                                                                • Opcode Fuzzy Hash: 5aaa1223934b942201cc0ccb1665b933f901dc26dcb8785921e1d1541d7ec52b
                                                                • Instruction Fuzzy Hash: 5AA28E71E0021ACBDF24DF58C8407EDBBB1BB54764F2481AAEC15A7285DB749D82EF90
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00F59A4E
                                                                • GetSysColor.USER32(0000000F), ref: 00F59B23
                                                                • SetBkColor.GDI32(?,00000000), ref: 00F59B36
                                                                Similarity
                                                                • API ID: Color$LongProcWindow
                                                                • String ID:
                                                                • API String ID: 3131106179-0
                                                                • Opcode ID: 5c386285bfed581e2898e2ae11a084cc97e904c5b15f88a737a89f2dd3adc3ea
                                                                • Instruction ID: 0b08629f22fa59571016fd55c8a3023b12f9fca622be15d018913f5c83b68109
                                                                • Opcode Fuzzy Hash: 5c386285bfed581e2898e2ae11a084cc97e904c5b15f88a737a89f2dd3adc3ea
                                                                • Instruction Fuzzy Hash: 1EA1197151C744FEFB2CAA7C8C48F7B365EDB82361B15410AFA02C6685CAAD9D05F272
                                                                APIs
                                                                  • Part of subcall function 00FC304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FC307A
                                                                  • Part of subcall function 00FC304E: _wcslen.LIBCMT ref: 00FC309B
                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00FC185D
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1884
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00FC18DB
                                                                • WSAGetLastError.WSOCK32 ref: 00FC18E6
                                                                • closesocket.WSOCK32(00000000), ref: 00FC1915
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 1601658205-0
                                                                • Opcode ID: c682bd50a6f9469f2c8b350de7ab2c614db8407429a6858632d72173a1866439
                                                                • Instruction ID: fde5966b2d28d07d4861ddeff21ba05bcc0c48d413bef30d3feed1048a03bd14
                                                                • Opcode Fuzzy Hash: c682bd50a6f9469f2c8b350de7ab2c614db8407429a6858632d72173a1866439
                                                                • Instruction Fuzzy Hash: B2518171A00211AFEB10AF24C986F2A7BA5AB45718F18849CF9059F3D3C775AD41EBE1
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                • String ID:
                                                                • API String ID: 292994002-0
                                                                • Opcode ID: 75cfdb46d666e9b7007b5443443ed9f685248a3de1ab7877a39ce050f688a533
                                                                • Instruction ID: 5521d93adf3751b9ce9215e9a498fd210d148f6ae5f527ba9dfce90a6c9529fe
                                                                • Opcode Fuzzy Hash: 75cfdb46d666e9b7007b5443443ed9f685248a3de1ab7877a39ce050f688a533
                                                                • Instruction Fuzzy Hash: 1121D631B512116FD7208F2AC844B5A7BA7FF95325B1C805AE8498B351D775DC42EBD0
                                                                APIs
                                                                • _free.LIBCMT ref: 00F7BB7F
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • GetTimeZoneInformation.KERNEL32 ref: 00F7BB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,?,0101121C,000000FF,?,0000003F,?,?), ref: 00F7BC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,?,01011270,000000FF,?,0000003F,?,?,?,0101121C,000000FF,?,0000003F,?,?), ref: 00F7BC36
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                • String ID:
                                                                • API String ID: 806657224-0
                                                                • Opcode ID: b87ef63287073376496b6c3464a5f4da48ab1ed76182a6a47dbb7e3cc3c49681
                                                                • Instruction ID: 10f798023ca0e3c5a3e86caa5c4e0d3665de138da3f81b28d4fb7b55c589ae1a
                                                                • Opcode Fuzzy Hash: b87ef63287073376496b6c3464a5f4da48ab1ed76182a6a47dbb7e3cc3c49681
                                                                • Instruction Fuzzy Hash: F13102B0904205EFCB15DF78CC80AA9BBB8BF46320714C25BE158D72A5C7398950EB51
                                                                APIs
                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 00FBCE89
                                                                • GetLastError.KERNEL32(?,00000000), ref: 00FBCEEA
                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 00FBCEFE
                                                                Similarity
                                                                • API ID: ErrorEventFileInternetLastRead
                                                                • String ID:
                                                                • API String ID: 234945975-0
                                                                • Opcode ID: 2b51e4ad3b0fcce00da3b00b01239013ae3d2ceccdb8b6558fbd87fa719fb3d6
                                                                • Instruction ID: e09e7feab59316deee4337c779c3bfd9f4a2bfd373bb131461281677af17b4dc
                                                                • Opcode Fuzzy Hash: 2b51e4ad3b0fcce00da3b00b01239013ae3d2ceccdb8b6558fbd87fa719fb3d6
                                                                • Instruction Fuzzy Hash: 4C218C72900306DBEB209FA6C948BA777F9EB40364F10441EE54692151E774EE04EFA0
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00FA82AA
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: ($|
                                                                • API String ID: 1659193697-1631851259
                                                                • Opcode ID: b84cc8a2f0175d9598bab17a8b74b3f0b9934d307432c3220a014bd67d426311
                                                                • Instruction ID: 7dd17ecf8fcd2f30ccbec763b492a0ec5f3afd9d0fb97f5eb6621466c3ec9d1c
                                                                • Opcode Fuzzy Hash: b84cc8a2f0175d9598bab17a8b74b3f0b9934d307432c3220a014bd67d426311
                                                                • Instruction Fuzzy Hash: 023239B5A007059FCB28CF59C481A6AB7F0FF48760B15C46EE59ADB3A1DB70E942DB40
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FB5CC1
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00FB5D17
                                                                • FindClose.KERNEL32(?), ref: 00FB5D5F
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: 2dedf5285a065fcbb94e66e916e6b4f3f359dad5e07dc14fb568db6aa24f9690
                                                                • Instruction ID: 53bb98198d9826e26a2a89cc0cffc2eef9fa5aef2722245bfe7e799c20dd015c
                                                                • Opcode Fuzzy Hash: 2dedf5285a065fcbb94e66e916e6b4f3f359dad5e07dc14fb568db6aa24f9690
                                                                • Instruction Fuzzy Hash: 5151AC75A046019FC714CF29C894A96BBE4FF49324F14865EE95A8B3A1CB38FC04DF91
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 00F7271A
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F72724
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00F72731
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                • Opcode ID: 0269df50c724162d9634ac2e85825538ced3a55ff28d5066dd7c3052b211015d
                                                                • Instruction ID: d557474a8f0ababc1bad7bd56337e4381fcc03b85c43c750d6248af23d784b51
                                                                • Opcode Fuzzy Hash: 0269df50c724162d9634ac2e85825538ced3a55ff28d5066dd7c3052b211015d
                                                                • Instruction Fuzzy Hash: 5F31D67491121D9BCB61DF68DD897DDB7B8AF08310F5042EAE80CA7260EB349F819F45
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00FB51DA
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00FB5238
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00FB52A1
                                                                Similarity
                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1682464887-0
                                                                • Opcode ID: 11f6fb6e7c857eb113955dd421e8711a9b6377346dc28841d0133cf121979eac
                                                                • Instruction ID: 02c50371978433a608797f0c6542e3b8bbd289e650903207baa1499297d07c92
                                                                • Opcode Fuzzy Hash: 11f6fb6e7c857eb113955dd421e8711a9b6377346dc28841d0133cf121979eac
                                                                • Instruction Fuzzy Hash: 51317C75A00518DFDB00DF54D884FADBBB5FF09314F088099E805AB352CB36E846DBA0
                                                                APIs
                                                                  • Part of subcall function 00F5FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F60668
                                                                  • Part of subcall function 00F5FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F60685
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FA170D
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FA173A
                                                                • GetLastError.KERNEL32 ref: 00FA174A
                                                                Similarity
                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                • String ID:
                                                                • API String ID: 577356006-0
                                                                • Opcode ID: a705ddc5fe131a42e85444df40501448699a9105eb29ab2d2596ce4d970d78cd
                                                                • Instruction ID: ba2b8130859990fc70a5da95dcd93f55d891baeff35cfd81d9edbfb7dfdefc83
                                                                • Opcode Fuzzy Hash: a705ddc5fe131a42e85444df40501448699a9105eb29ab2d2596ce4d970d78cd
                                                                • Instruction Fuzzy Hash: F511C1B2400309AFD718AF64DC86D6AB7B9FB04714B20852EE45697241EB70BC45DA60
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00FAD608
                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00FAD645
                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00FAD650
                                                                Similarity
                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                • String ID:
                                                                • API String ID: 33631002-0
                                                                • Opcode ID: 2225a04efee65ea55c7ee4bf1e41b359c6ab32aaf7fd2884c208ae1a5a1cb7c5
                                                                • Instruction ID: 7d15e0cb9ccf236903c1cb6021a7424f38cdc5114a6eccacdd9af03ed9ab13e9
                                                                • Opcode Fuzzy Hash: 2225a04efee65ea55c7ee4bf1e41b359c6ab32aaf7fd2884c208ae1a5a1cb7c5
                                                                • Instruction Fuzzy Hash: 6D115EB5E05228BFDB148FA5DC45FAFBBBCEB45B60F108116F904E7290D6704A059BE1
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00FA168C
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00FA16A1
                                                                • FreeSid.ADVAPI32(?), ref: 00FA16B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00F9D28C
                                                                Strings
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID: X64
                                                                • API String ID: 2645101109-893830106
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00FB6918
                                                                • FindClose.KERNEL32(00000000), ref: 00FB6961
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                APIs
                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00FC4891,?,?,00000035,?), ref: 00FB37E4
                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00FC4891,?,?,00000035,?), ref: 00FB37F4
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID:
                                                                • API String ID: 3479602957-0
                                                                APIs
                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00FAB25D
                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00FAB270
                                                                Similarity
                                                                • API ID: InputSendkeybd_event
                                                                • String ID:
                                                                • API String ID: 3536248340-0
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00FA11FC), ref: 00FA10D4
                                                                • CloseHandle.KERNEL32(?,?,00FA11FC), ref: 00FA10E9
                                                                Similarity
                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                • String ID:
                                                                • API String ID: 81990902-0
                                                                Strings
                                                                • Variable is not of type 'Object'., xrefs: 00F90C40
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Variable is not of type 'Object'.
                                                                • API String ID: 0-1840281001
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F76766,?,?,00000008,?,?,00F7FEFE,00000000), ref: 00F76998
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                APIs
                                                                • BlockInput.USER32(00000001), ref: 00FBEABD
                                                                Similarity
                                                                • API ID: BlockInput
                                                                • String ID:
                                                                • API String ID: 3456056419-0
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00F603EE), ref: 00F609DA
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction ID: 4d1fe8a426a956e419b4484b43236329c35b9639704d4fff12655f909ac802e6
                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction Fuzzy Hash: 0E515972E0C7455BDB38B57888597BF63D59B0236CF280A09E882D7283C619EE46F356
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ac5784f6ec91df2fba9dd9c1837b690c850555ccdd35f180109f1a7d08625170
                                                                • Instruction ID: 35ee97987510e1f095c71b603cbb4a60ba1bf0dc3f4bfdfa52e8b829dfa1a4ba
                                                                • Opcode Fuzzy Hash: ac5784f6ec91df2fba9dd9c1837b690c850555ccdd35f180109f1a7d08625170
                                                                • Instruction Fuzzy Hash: 9E326422D39F454DD723A634CC62335A68DAFB73D4F15C337E81AB99A6EB28C4836101
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 302652e6670c68fd62b0fd7071bcb7e70f431243234a87cba26f06a7aef4475f
                                                                • Instruction ID: d851841d2349186f697a3daafe5de120331ea49a0201cb3cf66adb521c458819
                                                                • Opcode Fuzzy Hash: 302652e6670c68fd62b0fd7071bcb7e70f431243234a87cba26f06a7aef4475f
                                                                • Instruction Fuzzy Hash: 69323D32E002858FEF25CF29C49467D7BA1EB45321F288566DA5ACB291D334DD85FBC1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cdbad690405eaf4731cca22fc1e6601759d6bb3e12d10fe358d59496c26d8689
                                                                • Instruction ID: 113ed3f97f5e675553514884049b95d0e0cc66dae6a1e79723edb632ce0d393f
                                                                • Opcode Fuzzy Hash: cdbad690405eaf4731cca22fc1e6601759d6bb3e12d10fe358d59496c26d8689
                                                                • Instruction Fuzzy Hash: 0F22C271E04609DFDF14EF64C881AEEB7B6FF44710F144529E812AB291EB3A9D14EB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9cb997fa10497d58f0d4735bc9201cc5fb4b6a4cdc8fab31191e5ab1df58e4e7
                                                                • Instruction ID: d91565cf09acc40bd2d8467f8e56b8dcbf10ed626a2f2141bb2122581dbdc0fd
                                                                • Opcode Fuzzy Hash: 9cb997fa10497d58f0d4735bc9201cc5fb4b6a4cdc8fab31191e5ab1df58e4e7
                                                                • Instruction Fuzzy Hash: F002C6B1E00205EFDB05EF54D881AAEBBB5FF44310F108169E816DB391EB75AE14EB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 588d4c0630e9b6b910d3ba2ff209b128a0fef488509de7de8f7abb0dfc0edb97
                                                                • Instruction ID: fb3bda80359159adca2c6abb8290f5228755129e54e1e172445ebc7d61b6481c
                                                                • Opcode Fuzzy Hash: 588d4c0630e9b6b910d3ba2ff209b128a0fef488509de7de8f7abb0dfc0edb97
                                                                • Instruction Fuzzy Hash: 1EB12620D2AF844DD32396398879336B65C6FBB2C5F52D31BFC1679D22EB2285835141
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction ID: 8425a342cf981425ecaefe6de93ca6b5a585b6fb1602eaf7cd17d19a4ba1ed21
                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction Fuzzy Hash: 67915673A080E34ADB6D463A857417EFFE16A523B131E079ED4F2CA1C5EE14D954F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction ID: 523f021434f0bddef1aec6ff73e09b365c87abee873957312a1b2a435ae799e5
                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction Fuzzy Hash: 1E915473A0D4A34ADBAD463A857413EFFE15A923B131E079DD4F2CB1C5EE248564F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction ID: b54c0c27d69e95290fcd188addb88afea45a9e01bc383b926557cdc64a12fd80
                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction Fuzzy Hash: E49132736090E34ADB6D467A857407EFFE16A923B231E079ED4F2CA1C1FE248564F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f4445ef52029c93c674666bc4c600799db6f2ed63728809be77b16c9ae3a77c1
                                                                • Instruction ID: 9bf714c67e65a4267d06d142b95732bc02c86cf06563e64fa09c744ec4f5e070
                                                                • Opcode Fuzzy Hash: f4445ef52029c93c674666bc4c600799db6f2ed63728809be77b16c9ae3a77c1
                                                                • Instruction Fuzzy Hash: 4861AB31A0C30956DE34BA688DA1BBF3394DF8176CF240A1DE843CB296DA199E43F315
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9cc885294b574d4343999cfdbffcf5ab41ff237e0203b8e0c453df08b5a349f0
                                                                • Instruction ID: a93918f2eedc94e7c9fbcc5eb3d79c855a46613746ece3d6f921f5752f429b5b
                                                                • Opcode Fuzzy Hash: 9cc885294b574d4343999cfdbffcf5ab41ff237e0203b8e0c453df08b5a349f0
                                                                • Instruction Fuzzy Hash: 7861AC31E0870962DF38BA288D51BBF3394DF5276CF100E59E943CB281EA17AD46B311
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction ID: adeeb1eb19df6d11e6dad7abafabbf5a441b80c1f63d266529912abc1f3e15f0
                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction Fuzzy Hash: CA814373A090A349DB6D863A857443EFFE17A923B131E079DD4F2CB1C1EE249554F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 732ffd4d66af5fcaf2e4ad9c126725daa7aa301b73b7f0eb01c6e434090f309b
                                                                • Instruction ID: 0da3feebc631b0d9bb73c4cca38c97ce2e508649ef7b254a4220d3fcc99df9ca
                                                                • Opcode Fuzzy Hash: 732ffd4d66af5fcaf2e4ad9c126725daa7aa301b73b7f0eb01c6e434090f309b
                                                                • Instruction Fuzzy Hash: 2721A8326205158BD728CE79C8126BE73D5A754320F258A2EE4A7C37C4DE3EA904DB40
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00FC2B30
                                                                • DeleteObject.GDI32(00000000), ref: 00FC2B43
                                                                • DestroyWindow.USER32 ref: 00FC2B52
                                                                • GetDesktopWindow.USER32 ref: 00FC2B6D
                                                                • GetWindowRect.USER32(00000000), ref: 00FC2B74
                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00FC2CA3
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00FC2CB1
                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2CF8
                                                                • GetClientRect.USER32(00000000,?), ref: 00FC2D04
                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00FC2D40
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2D62
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2D75
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2D80
                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2D89
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2D98
                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2DA1
                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2DA8
                                                                • GlobalFree.KERNEL32(00000000), ref: 00FC2DB3
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2DC5
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00FDFC38,00000000), ref: 00FC2DDB
                                                                • GlobalFree.KERNEL32(00000000), ref: 00FC2DEB
                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00FC2E11
                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00FC2E30
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC2E52
                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FC303F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                • API String ID: 2211948467-2373415609
                                                                • Opcode ID: c23b3598d079c2d31df000f3085e5b3f74bfb7267795b5839b1bb52bf09b9b5d
                                                                • Instruction ID: 9623a7a7a28271c07d85ba889e90b82067882769dac80d46e15aa785cdd8a415
                                                                • Opcode Fuzzy Hash: c23b3598d079c2d31df000f3085e5b3f74bfb7267795b5839b1bb52bf09b9b5d
                                                                • Instruction Fuzzy Hash: 57027E7190021AAFDB14DF64CD89FAE7BBAEF48310F048519F915AB2A5C774ED01DBA0
                                                                APIs
                                                                • SetTextColor.GDI32(?,00000000), ref: 00FD712F
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00FD7160
                                                                • GetSysColor.USER32(0000000F), ref: 00FD716C
                                                                • SetBkColor.GDI32(?,000000FF), ref: 00FD7186
                                                                • SelectObject.GDI32(?,?), ref: 00FD7195
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00FD71C0
                                                                • GetSysColor.USER32(00000010), ref: 00FD71C8
                                                                • CreateSolidBrush.GDI32(00000000), ref: 00FD71CF
                                                                • FrameRect.USER32(?,?,00000000), ref: 00FD71DE
                                                                • DeleteObject.GDI32(00000000), ref: 00FD71E5
                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00FD7230
                                                                • FillRect.USER32(?,?,?), ref: 00FD7262
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD7284
                                                                  • Part of subcall function 00FD73E8: GetSysColor.USER32(00000012), ref: 00FD7421
                                                                  • Part of subcall function 00FD73E8: SetTextColor.GDI32(?,?), ref: 00FD7425
                                                                  • Part of subcall function 00FD73E8: GetSysColorBrush.USER32(0000000F), ref: 00FD743B
                                                                  • Part of subcall function 00FD73E8: GetSysColor.USER32(0000000F), ref: 00FD7446
                                                                  • Part of subcall function 00FD73E8: GetSysColor.USER32(00000011), ref: 00FD7463
                                                                  • Part of subcall function 00FD73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FD7471
                                                                  • Part of subcall function 00FD73E8: SelectObject.GDI32(?,00000000), ref: 00FD7482
                                                                  • Part of subcall function 00FD73E8: SetBkColor.GDI32(?,00000000), ref: 00FD748B
                                                                  • Part of subcall function 00FD73E8: SelectObject.GDI32(?,?), ref: 00FD7498
                                                                  • Part of subcall function 00FD73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00FD74B7
                                                                  • Part of subcall function 00FD73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FD74CE
                                                                  • Part of subcall function 00FD73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00FD74DB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                • String ID:
                                                                • API String ID: 4124339563-0
                                                                • Opcode ID: dc4b77fdcf71d07c1ebbf9f2326c761b93f8c6c21b7493c74c9f4a64df26f54f
                                                                • Instruction ID: 4036bce6629f342a18ddfe7454029ffea24289baedaea5795b299723a14ae290
                                                                • Opcode Fuzzy Hash: dc4b77fdcf71d07c1ebbf9f2326c761b93f8c6c21b7493c74c9f4a64df26f54f
                                                                • Instruction Fuzzy Hash: E8A1B372409316AFDB00AF60DC48B5BBBAAFF49321F140B1AF962961E1D731D944EB91
                                                                APIs
                                                                • DestroyWindow.USER32(?,?), ref: 00F58E14
                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F96AC5
                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F96AFE
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00F96F43
                                                                  • Part of subcall function 00F58F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F58BE8,?,00000000,?,?,?,?,00F58BBA,00000000,?), ref: 00F58FC5
                                                                • SendMessageW.USER32(?,00001053), ref: 00F96F7F
                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F96F96
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F96FAC
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F96FB7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                • String ID: 0
                                                                • API String ID: 2760611726-4108050209
                                                                • Opcode ID: f908c670a9a51435c9f87e8ac14fb8f968862ef9dfa8a9d13ff2ec4857e23a59
                                                                • Instruction ID: a51c767b47d925a38c94fee76191353dc66b0dae3241515034ba1b1f209dbf6c
                                                                • Opcode Fuzzy Hash: f908c670a9a51435c9f87e8ac14fb8f968862ef9dfa8a9d13ff2ec4857e23a59
                                                                • Instruction Fuzzy Hash: 8112D030A01202EFEB25DF24D845BA9BBF2FB44321F144069F695DB251CB36EC56EB91
                                                                APIs
                                                                • DestroyWindow.USER32(00000000), ref: 00FC273E
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00FC286A
                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00FC28A9
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00FC28B9
                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00FC2900
                                                                • GetClientRect.USER32(00000000,?), ref: 00FC290C
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00FC2955
                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00FC2964
                                                                • GetStockObject.GDI32(00000011), ref: 00FC2974
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00FC2978
                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00FC2988
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FC2991
                                                                • DeleteDC.GDI32(00000000), ref: 00FC299A
                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00FC29C6
                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00FC29DD
                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00FC2A1D
                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00FC2A31
                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00FC2A42
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00FC2A77
                                                                • GetStockObject.GDI32(00000011), ref: 00FC2A82
                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00FC2A8D
                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00FC2A97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                • API String ID: 2910397461-517079104
                                                                • Opcode ID: 14d7f90c013ccff68eea0c07d478a94078035cb57458922a4468e9d474eb1004
                                                                • Instruction ID: a6b9527c23f6b9f38767b4fb13aeaa7505d63b2718d5fb6683c6f4d35b60ffd5
                                                                • Opcode Fuzzy Hash: 14d7f90c013ccff68eea0c07d478a94078035cb57458922a4468e9d474eb1004
                                                                • Instruction Fuzzy Hash: AAB13CB1A4021AAFEB14DF78CD86FAE7BA9EB04710F008519FA15E7294D774E940DB90
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00FB4AED
                                                                • GetDriveTypeW.KERNEL32(?,00FDCB68,?,\\.\,00FDCC08), ref: 00FB4BCA
                                                                • SetErrorMode.KERNEL32(00000000,00FDCB68,?,\\.\,00FDCC08), ref: 00FB4D36
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$DriveType
                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                • API String ID: 2907320926-4222207086
                                                                • Opcode ID: ccfe13167009c3d6b71010475decc4fbad426cdafc35e74fc32cc3a7663e62c7
                                                                • Instruction ID: e3da23c4b208bec1be4111bf76dc7b1bc74c528f25111e131f65d927fb43609a
                                                                • Opcode Fuzzy Hash: ccfe13167009c3d6b71010475decc4fbad426cdafc35e74fc32cc3a7663e62c7
                                                                • Instruction Fuzzy Hash: 1561E771A051069BDB05EF16CB81EF97BA2AB44700F24401AF8069B293CB36FD45FF41
                                                                APIs
                                                                • GetSysColor.USER32(00000012), ref: 00FD7421
                                                                • SetTextColor.GDI32(?,?), ref: 00FD7425
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00FD743B
                                                                • GetSysColor.USER32(0000000F), ref: 00FD7446
                                                                • CreateSolidBrush.GDI32(?), ref: 00FD744B
                                                                • GetSysColor.USER32(00000011), ref: 00FD7463
                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FD7471
                                                                • SelectObject.GDI32(?,00000000), ref: 00FD7482
                                                                • SetBkColor.GDI32(?,00000000), ref: 00FD748B
                                                                • SelectObject.GDI32(?,?), ref: 00FD7498
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00FD74B7
                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FD74CE
                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00FD74DB
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FD752A
                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00FD7554
                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00FD7572
                                                                • DrawFocusRect.USER32(?,?), ref: 00FD757D
                                                                • GetSysColor.USER32(00000011), ref: 00FD758E
                                                                • SetTextColor.GDI32(?,00000000), ref: 00FD7596
                                                                • DrawTextW.USER32(?,00FD70F5,000000FF,?,00000000), ref: 00FD75A8
                                                                • SelectObject.GDI32(?,?), ref: 00FD75BF
                                                                • DeleteObject.GDI32(?), ref: 00FD75CA
                                                                • SelectObject.GDI32(?,?), ref: 00FD75D0
                                                                • DeleteObject.GDI32(?), ref: 00FD75D5
                                                                • SetTextColor.GDI32(?,?), ref: 00FD75DB
                                                                • SetBkColor.GDI32(?,?), ref: 00FD75E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                • String ID:
                                                                • API String ID: 1996641542-0
                                                                • Opcode ID: 71763371a0a59198a6035f71f8158299aca4fe24c49a1bbbec7a10fc40062390
                                                                • Instruction ID: 09bbac6236aeee89d01a7701bcd78450e55d2afccb081bbedcaeb7116c9017ad
                                                                • Opcode Fuzzy Hash: 71763371a0a59198a6035f71f8158299aca4fe24c49a1bbbec7a10fc40062390
                                                                • Instruction Fuzzy Hash: 50616F72D01219AFDF019FA4DC49FEEBFBAEB09320F144116F915AB2A1D7749940EB90
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00FD1128
                                                                • GetDesktopWindow.USER32 ref: 00FD113D
                                                                • GetWindowRect.USER32(00000000), ref: 00FD1144
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD1199
                                                                • DestroyWindow.USER32(?), ref: 00FD11B9
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00FD11ED
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FD120B
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FD121D
                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00FD1232
                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00FD1245
                                                                • IsWindowVisible.USER32(00000000), ref: 00FD12A1
                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00FD12BC
                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00FD12D0
                                                                • GetWindowRect.USER32(00000000,?), ref: 00FD12E8
                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00FD130E
                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00FD1328
                                                                • CopyRect.USER32(?,?), ref: 00FD133F
                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00FD13AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                • String ID: ($0$tooltips_class32
                                                                • API String ID: 698492251-4156429822
                                                                • Opcode ID: 7ab433fd3aec6f2495f1272033ec620e7fca34493bf51fc3a60fa030a5204f60
                                                                • Instruction ID: 9cedeb8e07e55d920b438d3462ff0d6f22e4bb56a4e5e9a2e432dff96f3bc4ef
                                                                • Opcode Fuzzy Hash: 7ab433fd3aec6f2495f1272033ec620e7fca34493bf51fc3a60fa030a5204f60
                                                                • Instruction Fuzzy Hash: DBB17C71608341AFD714DF64C884B6BBBE6FF88350F04891AF9999B2A1C771E844EB91
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F58968
                                                                • GetSystemMetrics.USER32(00000007), ref: 00F58970
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F5899B
                                                                • GetSystemMetrics.USER32(00000008), ref: 00F589A3
                                                                • GetSystemMetrics.USER32(00000004), ref: 00F589C8
                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F589E5
                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00F589F5
                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F58A28
                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F58A3C
                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00F58A5A
                                                                • GetStockObject.GDI32(00000011), ref: 00F58A76
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F58A81
                                                                  • Part of subcall function 00F5912D: GetCursorPos.USER32(?), ref: 00F59141
                                                                  • Part of subcall function 00F5912D: ScreenToClient.USER32(00000000,?), ref: 00F5915E
                                                                  • Part of subcall function 00F5912D: GetAsyncKeyState.USER32(00000001), ref: 00F59183
                                                                  • Part of subcall function 00F5912D: GetAsyncKeyState.USER32(00000002), ref: 00F5919D
                                                                • SetTimer.USER32(00000000,00000000,00000028,00F590FC), ref: 00F58AA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                • String ID: AutoIt v3 GUI
                                                                APIs
                                                                  • Part of subcall function 00FA10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FA1114
                                                                  • Part of subcall function 00FA10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1120
                                                                  • Part of subcall function 00FA10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA112F
                                                                  • Part of subcall function 00FA10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1136
                                                                  • Part of subcall function 00FA10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FA114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00FA0DF5
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00FA0E29
                                                                • GetLengthSid.ADVAPI32(?), ref: 00FA0E40
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00FA0E7A
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00FA0E96
                                                                • GetLengthSid.ADVAPI32(?), ref: 00FA0EAD
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00FA0EB5
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00FA0EBC
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00FA0EDD
                                                                • CopySid.ADVAPI32(00000000), ref: 00FA0EE4
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00FA0F13
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00FA0F35
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00FA0F47
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0F6E
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0F75
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0F7E
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0F85
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA0F8E
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0F95
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00FA0FA1
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA0FA8
                                                                  • Part of subcall function 00FA1193: GetProcessHeap.KERNEL32(00000008,00FA0BB1,?,00000000,?,00FA0BB1,?), ref: 00FA11A1
                                                                  • Part of subcall function 00FA1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00FA0BB1,?), ref: 00FA11A8
                                                                  • Part of subcall function 00FA1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00FA0BB1,?), ref: 00FA11B7
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                APIs
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FCC4BD
                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00FDCC08,00000000,?,00000000,?,?), ref: 00FCC544
                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00FCC5A4
                                                                • _wcslen.LIBCMT ref: 00FCC5F4
                                                                • _wcslen.LIBCMT ref: 00FCC66F
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00FCC6B2
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00FCC7C1
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00FCC84D
                                                                • RegCloseKey.ADVAPI32(?), ref: 00FCC881
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCC88E
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00FCC960
                                                                Similarity
                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 00FD09C6
                                                                • _wcslen.LIBCMT ref: 00FD0A01
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FD0A54
                                                                • _wcslen.LIBCMT ref: 00FD0A8A
                                                                • _wcslen.LIBCMT ref: 00FD0B06
                                                                • _wcslen.LIBCMT ref: 00FD0B81
                                                                  • Part of subcall function 00F5F9F2: _wcslen.LIBCMT ref: 00F5F9FD
                                                                  • Part of subcall function 00FA2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FA2BFA
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00FD835A
                                                                • _wcslen.LIBCMT ref: 00FD836E
                                                                • _wcslen.LIBCMT ref: 00FD8391
                                                                • _wcslen.LIBCMT ref: 00FD83B4
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00FD83F2
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00FD361A,?), ref: 00FD844E
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FD8487
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00FD84CA
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FD8501
                                                                • FreeLibrary.KERNEL32(?), ref: 00FD850D
                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00FD851D
                                                                • DestroyIcon.USER32(?), ref: 00FD852C
                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00FD8549
                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00FD8555
                                                                Similarity
                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                • String ID: .dll$.exe$.icl
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                APIs
                                                                • CharLowerBuffW.USER32(?,?), ref: 00FB3EF8
                                                                • _wcslen.LIBCMT ref: 00FB3F03
                                                                • _wcslen.LIBCMT ref: 00FB3F5A
                                                                • _wcslen.LIBCMT ref: 00FB3F98
                                                                • GetDriveTypeW.KERNEL32(?), ref: 00FB3FD6
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FB401E
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FB4059
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FB4087
                                                                Similarity
                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                APIs
                                                                • LoadIconW.USER32(00000063), ref: 00FA5A2E
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00FA5A40
                                                                • SetWindowTextW.USER32(?,?), ref: 00FA5A57
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00FA5A6C
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00FA5A72
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00FA5A82
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00FA5A88
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00FA5AA9
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00FA5AC3
                                                                • GetWindowRect.USER32(?,?), ref: 00FA5ACC
                                                                • _wcslen.LIBCMT ref: 00FA5B33
                                                                • SetWindowTextW.USER32(?,?), ref: 00FA5B6F
                                                                • GetDesktopWindow.USER32 ref: 00FA5B75
                                                                • GetWindowRect.USER32(00000000), ref: 00FA5B7C
                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00FA5BD3
                                                                • GetClientRect.USER32(?,?), ref: 00FA5BE0
                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00FA5C05
                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00FA5C2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                • String ID:
                                                                • API String ID: 895679908-0
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00FBFE27
                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00FBFE32
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00FBFE3D
                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00FBFE48
                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00FBFE53
                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00FBFE5E
                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00FBFE69
                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00FBFE74
                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00FBFE7F
                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00FBFE8A
                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00FBFE95
                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00FBFEA0
                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00FBFEAB
                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00FBFEB6
                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00FBFEC1
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00FBFECC
                                                                • GetCursorInfo.USER32(?), ref: 00FBFEDC
                                                                • GetLastError.KERNEL32 ref: 00FBFF1E
                                                                Similarity
                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                • String ID:
                                                                • API String ID: 3215588206-0
                                                                APIs
                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00F600C6
                                                                  • Part of subcall function 00F600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0101070C,00000FA0,F443330D,?,?,?,?,00F823B3,000000FF), ref: 00F6011C
                                                                  • Part of subcall function 00F600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00F823B3,000000FF), ref: 00F60127
                                                                  • Part of subcall function 00F600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00F823B3,000000FF), ref: 00F60138
                                                                  • Part of subcall function 00F600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00F6014E
                                                                  • Part of subcall function 00F600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F6015C
                                                                  • Part of subcall function 00F600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F6016A
                                                                  • Part of subcall function 00F600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F60195
                                                                  • Part of subcall function 00F600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F601A0
                                                                • ___scrt_fastfail.LIBCMT ref: 00F600E7
                                                                  • Part of subcall function 00F600A3: __onexit.LIBCMT ref: 00F600A9
                                                                Strings
                                                                • WakeAllConditionVariable, xrefs: 00F60162
                                                                • InitializeConditionVariable, xrefs: 00F60148
                                                                • kernel32.dll, xrefs: 00F60133
                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F60122
                                                                • SleepConditionVariableCS, xrefs: 00F60154
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                • API String ID: 66158676-1714406822
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                • API String ID: 176396367-1603158881
                                                                APIs
                                                                • CharLowerBuffW.USER32(00000000,00000000,00FDCC08), ref: 00FB4527
                                                                • _wcslen.LIBCMT ref: 00FB453B
                                                                • _wcslen.LIBCMT ref: 00FB4599
                                                                • _wcslen.LIBCMT ref: 00FB45F4
                                                                • _wcslen.LIBCMT ref: 00FB463F
                                                                • _wcslen.LIBCMT ref: 00FB46A7
                                                                  • Part of subcall function 00F5F9F2: _wcslen.LIBCMT ref: 00F5F9FD
                                                                • GetDriveTypeW.KERNEL32(?,01006BF0,00000061), ref: 00FB4743
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                • API String ID: 2055661098-1000479233
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00FCB198
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00FCB1B0
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00FCB1D4
                                                                • _wcslen.LIBCMT ref: 00FCB200
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00FCB214
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00FCB236
                                                                • _wcslen.LIBCMT ref: 00FCB332
                                                                  • Part of subcall function 00FB05A7: GetStdHandle.KERNEL32(000000F6), ref: 00FB05C6
                                                                • _wcslen.LIBCMT ref: 00FCB34B
                                                                • _wcslen.LIBCMT ref: 00FCB366
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00FCB3B6
                                                                • GetLastError.KERNEL32(00000000), ref: 00FCB407
                                                                • CloseHandle.KERNEL32(?), ref: 00FCB439
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCB44A
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCB45C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCB46E
                                                                • CloseHandle.KERNEL32(?), ref: 00FCB4E3
                                                                Similarity
                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 2178637699-0
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00FDCC08), ref: 00FC40BB
                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00FC40CD
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00FDCC08), ref: 00FC40F2
                                                                • FreeLibrary.KERNEL32(00000000,?,00FDCC08), ref: 00FC413E
                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00FDCC08), ref: 00FC41A8
                                                                • SysFreeString.OLEAUT32(00000009), ref: 00FC4262
                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00FC42C8
                                                                • SysFreeString.OLEAUT32(?), ref: 00FC42F2
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                • API String ID: 354098117-199464113
                                                                APIs
                                                                • GetMenuItemCount.USER32(01011990), ref: 00F82F8D
                                                                • GetMenuItemCount.USER32(01011990), ref: 00F8303D
                                                                • GetCursorPos.USER32(?), ref: 00F83081
                                                                • SetForegroundWindow.USER32(00000000), ref: 00F8308A
                                                                • TrackPopupMenuEx.USER32(01011990,00000000,?,00000000,00000000,00000000), ref: 00F8309D
                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F830A9
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                • String ID: 0
                                                                • API String ID: 36266755-4108050209
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,?), ref: 00FD6DEB
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00FD6E5F
                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00FD6E81
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FD6E94
                                                                • DestroyWindow.USER32(?), ref: 00FD6EB5
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F40000,00000000), ref: 00FD6EE4
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FD6EFD
                                                                • GetDesktopWindow.USER32 ref: 00FD6F16
                                                                • GetWindowRect.USER32(00000000), ref: 00FD6F1D
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FD6F35
                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00FD6F4D
                                                                  • Part of subcall function 00F59944: GetWindowLongW.USER32(?,000000EB), ref: 00F59952
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                • String ID: 0$tooltips_class32
                                                                • API String ID: 2429346358-3619404913
                                                                • Opcode ID: c654104eedd13fafaf85d1849858103b0a6390f309cece86f8c5426f87f3af85
                                                                • Instruction ID: 76bc65590c9c058f8ecc38fedce5cfa7ed40d6505b937daea32714bb3d1d347e
                                                                • Opcode Fuzzy Hash: c654104eedd13fafaf85d1849858103b0a6390f309cece86f8c5426f87f3af85
                                                                • Instruction Fuzzy Hash: 37719770504245AFDB22CF28D844BAABBFAFB88314F08041EF999C7361D775E905EB16
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • DragQueryPoint.SHELL32(?,?), ref: 00FD9147
                                                                  • Part of subcall function 00FD7674: ClientToScreen.USER32(?,?), ref: 00FD769A
                                                                  • Part of subcall function 00FD7674: GetWindowRect.USER32(?,?), ref: 00FD7710
                                                                  • Part of subcall function 00FD7674: PtInRect.USER32(?,?,00FD8B89), ref: 00FD7720
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00FD91B0
                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00FD91BB
                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00FD91DE
                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00FD9225
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00FD923E
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00FD9255
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00FD9277
                                                                • DragFinish.SHELL32(?), ref: 00FD927E
                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00FD9371
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                • API String ID: 221274066-3440237614
                                                                • Opcode ID: 4757a17162f35582a0d256113d93f40000806670733b45e6c969a959a13daee8
                                                                • Instruction ID: c7856a11a156cd5863b5da03ff85173bd471f7d65abdda2444fb1b4d2b15a76d
                                                                • Opcode Fuzzy Hash: 4757a17162f35582a0d256113d93f40000806670733b45e6c969a959a13daee8
                                                                • Instruction Fuzzy Hash: C0618C71108301AFD701DFA4DC85DAFBBE9EF89350F00091EF995932A1DB749A49DBA2
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FBC4B0
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FBC4C3
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FBC4D7
                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00FBC4F0
                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00FBC533
                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00FBC549
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FBC554
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FBC584
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FBC5DC
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FBC5F0
                                                                • InternetCloseHandle.WININET(00000000), ref: 00FBC5FB
                                                                Strings
                                                                Similarity
                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                • String ID:
                                                                • API String ID: 3800310941-3916222277
                                                                • Opcode ID: 99c7bbc9efe30581fdc2d4322803739d541a3c6bf90c8c0853a264500d7e0b97
                                                                • Instruction ID: 12b706efbad24b07bab771a4654c62465992556f85c1a18c4404c4313b52c878
                                                                • Opcode Fuzzy Hash: 99c7bbc9efe30581fdc2d4322803739d541a3c6bf90c8c0853a264500d7e0b97
                                                                • Instruction Fuzzy Hash: 575138B1601209BFDB219F62C988AAB7BBDEF08754F04441AF945D6210DB34EA44EFE0
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00FD8592
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00FD85A2
                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00FD85AD
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FD85BA
                                                                • GlobalLock.KERNEL32(00000000), ref: 00FD85C8
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00FD85D7
                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00FD85E0
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FD85E7
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00FD85F8
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00FDFC38,?), ref: 00FD8611
                                                                • GlobalFree.KERNEL32(00000000), ref: 00FD8621
                                                                • GetObjectW.GDI32(?,00000018,000000FF), ref: 00FD8641
                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00FD8671
                                                                • DeleteObject.GDI32(00000000), ref: 00FD8699
                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00FD86AF
                                                                Similarity
                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                • String ID:
                                                                • API String ID: 3840717409-0
                                                                • Opcode ID: cf7ac05f8424684f9e98c72a6f884e107ca685eeccdbcc5d83505f9bc6216578
                                                                • Instruction ID: b65c06954a56347cf51187eed0fb5b820b13a9282c5472cab8fa4492e5d7aba5
                                                                • Opcode Fuzzy Hash: cf7ac05f8424684f9e98c72a6f884e107ca685eeccdbcc5d83505f9bc6216578
                                                                • Instruction Fuzzy Hash: 7A415971601209AFDB108FA5DC48EAE7BBEEF89761F04415AF909E7260DB309D01EB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000000), ref: 00FB1502
                                                                • VariantCopy.OLEAUT32(?,?), ref: 00FB150B
                                                                • VariantClear.OLEAUT32(?), ref: 00FB1517
                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00FB15FB
                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00FB1657
                                                                • VariantInit.OLEAUT32(?), ref: 00FB1708
                                                                • SysFreeString.OLEAUT32(?), ref: 00FB178C
                                                                • VariantClear.OLEAUT32(?), ref: 00FB17D8
                                                                • VariantClear.OLEAUT32(?), ref: 00FB17E7
                                                                • VariantInit.OLEAUT32(00000000), ref: 00FB1823
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                • API String ID: 1234038744-3931177956
                                                                • Opcode ID: 643477a729e9e4e513803ffbd2498580783d5f1a151eabaf680846287d8c3248
                                                                • Instruction ID: 65457f39e183b7d587f8673c25f00617a40f11b646195114005c7d3a2f9148f3
                                                                • Opcode Fuzzy Hash: 643477a729e9e4e513803ffbd2498580783d5f1a151eabaf680846287d8c3248
                                                                • Instruction Fuzzy Hash: AED1F132A00115DBDB209F66E8A5BB9B7B5BF45700FA88156F906AB180DB34DC44FFA1
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FCC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FCB6AE,?,?), ref: 00FCC9B5
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCC9F1
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA68
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FCB6F4
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FCB772
                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00FCB80A
                                                                • RegCloseKey.ADVAPI32(?), ref: 00FCB87E
                                                                • RegCloseKey.ADVAPI32(?), ref: 00FCB89C
                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00FCB8F2
                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00FCB904
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00FCB922
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00FCB983
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCB994
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 146587525-4033151799
                                                                • Opcode ID: d58d80eed68eed0fca0be01d415f771b65e8d7322e9f8864702e67bc46e00e62
                                                                • Instruction ID: 0aefd3b14ae4bd308ad13dc9cfe2d6285718f5d0788676cd9e39af6e6ea27bc4
                                                                • Opcode Fuzzy Hash: d58d80eed68eed0fca0be01d415f771b65e8d7322e9f8864702e67bc46e00e62
                                                                • Instruction Fuzzy Hash: D7C1A035605202AFD710DF24C996F2ABBE5BF84314F14845CF8998B6A2CB35EC45EB91
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00FC25D8
                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00FC25E8
                                                                • CreateCompatibleDC.GDI32(?), ref: 00FC25F4
                                                                • SelectObject.GDI32(00000000,?), ref: 00FC2601
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00FC266D
                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00FC26AC
                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00FC26D0
                                                                • SelectObject.GDI32(?,?), ref: 00FC26D8
                                                                • DeleteObject.GDI32(?), ref: 00FC26E1
                                                                • DeleteDC.GDI32(?), ref: 00FC26E8
                                                                • ReleaseDC.USER32(00000000,?), ref: 00FC26F3
                                                                Strings
                                                                Similarity
                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                • String ID: (
                                                                • API String ID: 2598888154-3887548279
                                                                • Opcode ID: 28dd37b8e6d72fb077108e7959ff492f554c670aba5e677efc5c7f44c1e60bb8
                                                                • Instruction ID: 80ce327b93d8e8cbd51ba08d53daacf8b949c29cdd366e2cb54d913d986b8285
                                                                • Opcode Fuzzy Hash: 28dd37b8e6d72fb077108e7959ff492f554c670aba5e677efc5c7f44c1e60bb8
                                                                • Instruction Fuzzy Hash: F0610475D0021AEFCF04CFA4C985EAEBBB6FF48310F20851AE955A7250D334A941EFA0
                                                                APIs
                                                                • ___free_lconv_mon.LIBCMT ref: 00F7DAA1
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D659
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D66B
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D67D
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D68F
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6A1
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6B3
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6C5
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6D7
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6E9
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D6FB
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D70D
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D71F
                                                                  • Part of subcall function 00F7D63C: _free.LIBCMT ref: 00F7D731
                                                                • _free.LIBCMT ref: 00F7DA96
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • _free.LIBCMT ref: 00F7DAB8
                                                                • _free.LIBCMT ref: 00F7DACD
                                                                • _free.LIBCMT ref: 00F7DAD8
                                                                • _free.LIBCMT ref: 00F7DAFA
                                                                • _free.LIBCMT ref: 00F7DB0D
                                                                • _free.LIBCMT ref: 00F7DB1B
                                                                • _free.LIBCMT ref: 00F7DB26
                                                                • _free.LIBCMT ref: 00F7DB5E
                                                                • _free.LIBCMT ref: 00F7DB65
                                                                • _free.LIBCMT ref: 00F7DB82
                                                                • _free.LIBCMT ref: 00F7DB9A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                • String ID:
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00FA369C
                                                                • _wcslen.LIBCMT ref: 00FA36A7
                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00FA3797
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00FA380C
                                                                • GetDlgCtrlID.USER32(?), ref: 00FA385D
                                                                • GetWindowRect.USER32(?,?), ref: 00FA3882
                                                                • GetParent.USER32(?), ref: 00FA38A0
                                                                • ScreenToClient.USER32(00000000), ref: 00FA38A7
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00FA3921
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00FA395D
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                • String ID: %s%u
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00FA4994
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00FA49DA
                                                                • _wcslen.LIBCMT ref: 00FA49EB
                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00FA49F7
                                                                • _wcsstr.LIBVCRUNTIME ref: 00FA4A2C
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00FA4A64
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00FA4A9D
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00FA4AE6
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00FA4B20
                                                                • GetWindowRect.USER32(?,?), ref: 00FA4B8B
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                • String ID: ThumbnailClass
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(01011990,000000FF,00000000,00000030), ref: 00FABFAC
                                                                • SetMenuItemInfoW.USER32(01011990,00000004,00000000,00000030), ref: 00FABFE1
                                                                • Sleep.KERNEL32(000001F4), ref: 00FABFF3
                                                                • GetMenuItemCount.USER32(?), ref: 00FAC039
                                                                • GetMenuItemID.USER32(?,00000000), ref: 00FAC056
                                                                • GetMenuItemID.USER32(?,-00000001), ref: 00FAC082
                                                                • GetMenuItemID.USER32(?,?), ref: 00FAC0C9
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00FAC10F
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FAC124
                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FAC145
                                                                Strings
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                • String ID: 0
                                                                APIs
                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00FCCC64
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00FCCC8D
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00FCCD48
                                                                  • Part of subcall function 00FCCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00FCCCAA
                                                                  • Part of subcall function 00FCCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00FCCCBD
                                                                  • Part of subcall function 00FCCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00FCCCCF
                                                                  • Part of subcall function 00FCCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00FCCD05
                                                                  • Part of subcall function 00FCCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00FCCD28
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00FCCCF3
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                APIs
                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FB3D40
                                                                • _wcslen.LIBCMT ref: 00FB3D6D
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00FB3D9D
                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00FB3DBE
                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00FB3DCE
                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00FB3E55
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FB3E60
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FB3E6B
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                • String ID: :$\$\??\%s
                                                                APIs
                                                                • timeGetTime.WINMM ref: 00FAE6B4
                                                                  • Part of subcall function 00F5E551: timeGetTime.WINMM(?,?,00FAE6D4), ref: 00F5E555
                                                                • Sleep.KERNEL32(0000000A), ref: 00FAE6E1
                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00FAE705
                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00FAE727
                                                                • SetActiveWindow.USER32 ref: 00FAE746
                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00FAE754
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00FAE773
                                                                • Sleep.KERNEL32(000000FA), ref: 00FAE77E
                                                                • IsWindow.USER32 ref: 00FAE78A
                                                                • EndDialog.USER32(00000000), ref: 00FAE79B
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                • String ID: BUTTON
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00FAEA5D
                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00FAEA73
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FAEA84
                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00FAEA96
                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00FAEAA7
                                                                Strings
                                                                Similarity
                                                                • API ID: SendString$_wcslen
                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 00FAA012
                                                                • SetKeyboardState.USER32(?), ref: 00FAA07D
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00FAA09D
                                                                • GetKeyState.USER32(000000A0), ref: 00FAA0B4
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00FAA0E3
                                                                • GetKeyState.USER32(000000A1), ref: 00FAA0F4
                                                                • GetAsyncKeyState.USER32(00000011), ref: 00FAA120
                                                                • GetKeyState.USER32(00000011), ref: 00FAA12E
                                                                • GetAsyncKeyState.USER32(00000012), ref: 00FAA157
                                                                • GetKeyState.USER32(00000012), ref: 00FAA165
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00FAA18E
                                                                • GetKeyState.USER32(0000005B), ref: 00FAA19C
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000001), ref: 00FA5CE2
                                                                • GetWindowRect.USER32(00000000,?), ref: 00FA5CFB
                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00FA5D59
                                                                • GetDlgItem.USER32(?,00000002), ref: 00FA5D69
                                                                • GetWindowRect.USER32(00000000,?), ref: 00FA5D7B
                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00FA5DCF
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00FA5DDD
                                                                • GetWindowRect.USER32(00000000,?), ref: 00FA5DEF
                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00FA5E31
                                                                • GetDlgItem.USER32(?,000003EA), ref: 00FA5E44
                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00FA5E5A
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00FA5E67
                                                                Similarity
                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                • String ID:
                                                                • API String ID: 3096461208-0
                                                                APIs
                                                                  • Part of subcall function 00F58F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F58BE8,?,00000000,?,?,?,?,00F58BBA,00000000,?), ref: 00F58FC5
                                                                • DestroyWindow.USER32(?), ref: 00F58C81
                                                                • KillTimer.USER32(00000000,?,?,?,?,00F58BBA,00000000,?), ref: 00F58D1B
                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00F96973
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00F58BBA,00000000,?), ref: 00F969A1
                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00F58BBA,00000000,?), ref: 00F969B8
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F58BBA,00000000), ref: 00F969D4
                                                                • DeleteObject.GDI32(00000000), ref: 00F969E6
                                                                Similarity
                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                • String ID:
                                                                • API String ID: 641708696-0
                                                                APIs
                                                                  • Part of subcall function 00F59944: GetWindowLongW.USER32(?,000000EB), ref: 00F59952
                                                                • GetSysColor.USER32(0000000F), ref: 00F59862
                                                                Similarity
                                                                • API ID: ColorLongWindow
                                                                • String ID:
                                                                • API String ID: 259745315-0
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00F8F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00FA9717
                                                                • LoadStringW.USER32(00000000,?,00F8F7F8,00000001), ref: 00FA9720
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00F8F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00FA9742
                                                                • LoadStringW.USER32(00000000,?,00F8F7F8,00000001), ref: 00FA9745
                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00FA9866
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                • API String ID: 747408836-2268648507
                                                                APIs
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00FA07A2
                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00FA07BE
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00FA07DA
                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00FA0804
                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00FA082C
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00FA0837
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00FA083C
                                                                Strings
                                                                Similarity
                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                • API String ID: 323675364-22481851
                                                                APIs
                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00FD403B
                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00FD4042
                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00FD4055
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00FD405D
                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00FD4068
                                                                • DeleteDC.GDI32(00000000), ref: 00FD4072
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00FD407C
                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00FD4092
                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00FD409E
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                • String ID: static
                                                                • API String ID: 2559357485-2160076837
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00FC3C5C
                                                                • CoInitialize.OLE32(00000000), ref: 00FC3C8A
                                                                • CoUninitialize.OLE32 ref: 00FC3C94
                                                                • _wcslen.LIBCMT ref: 00FC3D2D
                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00FC3DB1
                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00FC3ED5
                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00FC3F0E
                                                                • CoGetObject.OLE32(?,00000000,00FDFB98,?), ref: 00FC3F2D
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00FC3F40
                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00FC3FC4
                                                                • VariantClear.OLEAUT32(?), ref: 00FC3FD8
                                                                Similarity
                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                • String ID:
                                                                • API String ID: 429561992-0
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 00FB7AF3
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00FB7B8F
                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00FB7BA3
                                                                • CoCreateInstance.OLE32(00FDFD08,00000000,00000001,01006E6C,?), ref: 00FB7BEF
                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00FB7C74
                                                                • CoTaskMemFree.OLE32(?,?), ref: 00FB7CCC
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00FB7D57
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00FB7D7A
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00FB7D81
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00FB7DD6
                                                                • CoUninitialize.OLE32 ref: 00FB7DDC
                                                                Similarity
                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                • String ID:
                                                                • API String ID: 2762341140-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00FD5504
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FD5515
                                                                • CharNextW.USER32(00000158), ref: 00FD5544
                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00FD5585
                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00FD559B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FD55AC
                                                                Similarity
                                                                • API ID: MessageSend$CharNext
                                                                • String ID:
                                                                • API String ID: 1350042424-0
                                                                APIs
                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00F9FAAF
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00F9FB08
                                                                • VariantInit.OLEAUT32(?), ref: 00F9FB1A
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00F9FB3A
                                                                • VariantCopy.OLEAUT32(?,?), ref: 00F9FB8D
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00F9FBA1
                                                                • VariantClear.OLEAUT32(?), ref: 00F9FBB6
                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00F9FBC3
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F9FBCC
                                                                • VariantClear.OLEAUT32(?), ref: 00F9FBDE
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F9FBE9
                                                                Similarity
                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                • String ID:
                                                                • API String ID: 2706829360-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 00FA9CA1
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00FA9D22
                                                                • GetKeyState.USER32(000000A0), ref: 00FA9D3D
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00FA9D57
                                                                • GetKeyState.USER32(000000A1), ref: 00FA9D6C
                                                                • GetAsyncKeyState.USER32(00000011), ref: 00FA9D84
                                                                • GetKeyState.USER32(00000011), ref: 00FA9D96
                                                                • GetAsyncKeyState.USER32(00000012), ref: 00FA9DAE
                                                                • GetKeyState.USER32(00000012), ref: 00FA9DC0
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00FA9DD8
                                                                • GetKeyState.USER32(0000005B), ref: 00FA9DEA
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                APIs
                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00FC05BC
                                                                • inet_addr.WSOCK32(?), ref: 00FC061C
                                                                • gethostbyname.WSOCK32(?), ref: 00FC0628
                                                                • IcmpCreateFile.IPHLPAPI ref: 00FC0636
                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00FC06C6
                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00FC06E5
                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00FC07B9
                                                                • WSACleanup.WSOCK32 ref: 00FC07BF
                                                                Strings
                                                                Similarity
                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                • String ID: Ping
                                                                • API String ID: 1028309954-2246546115
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharLower
                                                                • String ID: cdecl$none$stdcall$winapi
                                                                • API String ID: 707087890-567219261
                                                                APIs
                                                                • CoInitialize.OLE32 ref: 00FC3774
                                                                • CoUninitialize.OLE32 ref: 00FC377F
                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00FDFB78,?), ref: 00FC37D9
                                                                • IIDFromString.OLE32(?,?), ref: 00FC384C
                                                                • VariantInit.OLEAUT32(?), ref: 00FC38E4
                                                                • VariantClear.OLEAUT32(?), ref: 00FC3936
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                • API String ID: 636576611-1287834457
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00FB33CF
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00FB33F0
                                                                Strings
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-3080491070
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                • API String ID: 1256254125-769500911
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00FB53A0
                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00FB5416
                                                                • GetLastError.KERNEL32 ref: 00FB5420
                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00FB54A7
                                                                Strings
                                                                Similarity
                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                • API String ID: 4194297153-14809454
                                                                APIs
                                                                • CreateMenu.USER32 ref: 00FD3C79
                                                                • SetMenu.USER32(?,00000000), ref: 00FD3C88
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FD3D10
                                                                • IsMenu.USER32(?), ref: 00FD3D24
                                                                • CreatePopupMenu.USER32 ref: 00FD3D2E
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FD3D5B
                                                                • DrawMenuBar.USER32 ref: 00FD3D63
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                • String ID: 0$F
                                                                • API String ID: 161812096-3044882817
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00FA1F64
                                                                • GetDlgCtrlID.USER32 ref: 00FA1F6F
                                                                • GetParent.USER32 ref: 00FA1F8B
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00FA1F8E
                                                                • GetDlgCtrlID.USER32(?), ref: 00FA1F97
                                                                • GetParent.USER32(?), ref: 00FA1FAB
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00FA1FAE
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00FA2043
                                                                • GetDlgCtrlID.USER32 ref: 00FA204E
                                                                • GetParent.USER32 ref: 00FA206A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00FA206D
                                                                • GetDlgCtrlID.USER32(?), ref: 00FA2076
                                                                • GetParent.USER32(?), ref: 00FA208A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00FA208D
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                APIs
                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00FD3A9D
                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00FD3AA0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD3AC7
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00FD3AEA
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00FD3B62
                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00FD3BAC
                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00FD3BC7
                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00FD3BE2
                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00FD3BF6
                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00FD3C13
                                                                Similarity
                                                                • API ID: MessageSend$LongWindow
                                                                • String ID:
                                                                • API String ID: 312131281-0
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 00FAB151
                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB165
                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00FAB16C
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB17B
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00FAB18D
                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB1A6
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB1B8
                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB1FD
                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB212
                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00FAA1E1,?,00000001), ref: 00FAB21D
                                                                Similarity
                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                • String ID:
                                                                • API String ID: 2156557900-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00F72C94
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • _free.LIBCMT ref: 00F72CA0
                                                                • _free.LIBCMT ref: 00F72CAB
                                                                • _free.LIBCMT ref: 00F72CB6
                                                                • _free.LIBCMT ref: 00F72CC1
                                                                • _free.LIBCMT ref: 00F72CCC
                                                                • _free.LIBCMT ref: 00F72CD7
                                                                • _free.LIBCMT ref: 00F72CE2
                                                                • _free.LIBCMT ref: 00F72CED
                                                                • _free.LIBCMT ref: 00F72CFB
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FB7FAD
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB7FC1
                                                                • GetFileAttributesW.KERNEL32(?), ref: 00FB7FEB
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00FB8005
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB8017
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB8060
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FB80B0
                                                                Similarity
                                                                • API ID: CurrentDirectory$AttributesFile
                                                                • String ID: *.*
                                                                • API String ID: 769691225-438819550
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00F45C7A
                                                                  • Part of subcall function 00F45D0A: GetClientRect.USER32(?,?), ref: 00F45D30
                                                                  • Part of subcall function 00F45D0A: GetWindowRect.USER32(?,?), ref: 00F45D71
                                                                  • Part of subcall function 00F45D0A: ScreenToClient.USER32(?,?), ref: 00F45D99
                                                                • GetDC.USER32 ref: 00F846F5
                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F84708
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00F84716
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00F8472B
                                                                • ReleaseDC.USER32(?,00000000), ref: 00F84733
                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F847C4
                                                                Similarity
                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                • String ID: U
                                                                • API String ID: 4009187628-3372436214
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00FB35E4
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • LoadStringW.USER32(01012390,?,00000FFF,?), ref: 00FB360A
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-2391861430
                                                                APIs
                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FBC272
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FBC29A
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FBC2CA
                                                                • GetLastError.KERNEL32 ref: 00FBC322
                                                                • SetEvent.KERNEL32(?), ref: 00FBC336
                                                                • InternetCloseHandle.WININET(00000000), ref: 00FBC341
                                                                Similarity
                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                • String ID:
                                                                • API String ID: 3113390036-3916222277
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F83AAF,?,?,Bad directive syntax error,00FDCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00FA98BC
                                                                • LoadStringW.USER32(00000000,?,00F83AAF,?), ref: 00FA98C3
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00FA9987
                                                                Similarity
                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                • API String ID: 858772685-4153970271
                                                                APIs
                                                                • GetParent.USER32 ref: 00FA20AB
                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00FA20C0
                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00FA214D
                                                                Similarity
                                                                • API ID: ClassMessageNameParentSend
                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                • API String ID: 1290815626-3381328864
                                                                • Opcode ID: 21efa69a87f14dbb58255dc6cef16a70f57cec54fc6e588a88d39e4be450f1a9
                                                                • Instruction ID: 7e3659bbd42c1bc2b87eb75fc83506211265a96c8ca0f630e426f2e20ec1b0c3
                                                                • Opcode Fuzzy Hash: 21efa69a87f14dbb58255dc6cef16a70f57cec54fc6e588a88d39e4be450f1a9
                                                                • Instruction Fuzzy Hash: 9011A3B6788707B9FA0666299C06DA7379CDF06724F20011AFB44A90E1EA69B8427A54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                • String ID:
                                                                • API String ID: 1282221369-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00FD5186
                                                                • ShowWindow.USER32(?,00000000), ref: 00FD51C7
                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 00FD51CD
                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00FD51D1
                                                                  • Part of subcall function 00FD6FBA: DeleteObject.GDI32(00000000), ref: 00FD6FE6
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD520D
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FD521A
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00FD524D
                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00FD5287
                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00FD5296
                                                                Similarity
                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                • String ID:
                                                                • API String ID: 3210457359-0
                                                                APIs
                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00F96890
                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00F968A9
                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F968B9
                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00F968D1
                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F968F2
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F58874,00000000,00000000,00000000,000000FF,00000000), ref: 00F96901
                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F9691E
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F58874,00000000,00000000,00000000,000000FF,00000000), ref: 00F9692D
                                                                Similarity
                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 1268354404-0
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FBC182
                                                                • GetLastError.KERNEL32 ref: 00FBC195
                                                                • SetEvent.KERNEL32(?), ref: 00FBC1A9
                                                                  • Part of subcall function 00FBC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FBC272
                                                                  • Part of subcall function 00FBC253: GetLastError.KERNEL32 ref: 00FBC322
                                                                  • Part of subcall function 00FBC253: SetEvent.KERNEL32(?), ref: 00FBC336
                                                                  • Part of subcall function 00FBC253: InternetCloseHandle.WININET(00000000), ref: 00FBC341
                                                                Similarity
                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                • String ID:
                                                                • API String ID: 337547030-0
                                                                APIs
                                                                  • Part of subcall function 00FA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FA3A57
                                                                  • Part of subcall function 00FA3A3D: GetCurrentThreadId.KERNEL32 ref: 00FA3A5E
                                                                  • Part of subcall function 00FA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FA25B3), ref: 00FA3A65
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00FA25BD
                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00FA25DB
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00FA25DF
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00FA25E9
                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00FA2601
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00FA2605
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00FA260F
                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00FA2623
                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00FA2627
                                                                Similarity
                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                • String ID:
                                                                • API String ID: 2014098862-0
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00FA1449,?,?,00000000), ref: 00FA180C
                                                                • HeapAlloc.KERNEL32(00000000,?,00FA1449,?,?,00000000), ref: 00FA1813
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00FA1449,?,?,00000000), ref: 00FA1828
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00FA1449,?,?,00000000), ref: 00FA1830
                                                                • DuplicateHandle.KERNEL32(00000000,?,00FA1449,?,?,00000000), ref: 00FA1833
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00FA1449,?,?,00000000), ref: 00FA1843
                                                                • GetCurrentProcess.KERNEL32(00FA1449,00000000,?,00FA1449,?,?,00000000), ref: 00FA184B
                                                                • DuplicateHandle.KERNEL32(00000000,?,00FA1449,?,?,00000000), ref: 00FA184E
                                                                • CreateThread.KERNEL32(00000000,00000000,00FA1874,00000000,00000000,00000000), ref: 00FA1868
                                                                Similarity
                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                • String ID:
                                                                • API String ID: 1957940570-0
                                                                APIs
                                                                  • Part of subcall function 00FAD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00FAD501
                                                                  • Part of subcall function 00FAD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00FAD50F
                                                                  • Part of subcall function 00FAD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00FAD5DC
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00FCA16D
                                                                • GetLastError.KERNEL32 ref: 00FCA180
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00FCA1B3
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00FCA268
                                                                • GetLastError.KERNEL32(00000000), ref: 00FCA273
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCA2C4
                                                                Similarity
                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 1701285019-2896544425
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00FD3925
                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00FD393A
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00FD3954
                                                                • _wcslen.LIBCMT ref: 00FD3999
                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00FD39C6
                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00FD39F4
                                                                Similarity
                                                                • API ID: MessageSend$Window_wcslen
                                                                • String ID: SysListView32
                                                                • API String ID: 2147712094-78025650
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FABCFD
                                                                • IsMenu.USER32(00000000), ref: 00FABD1D
                                                                • CreatePopupMenu.USER32 ref: 00FABD53
                                                                • GetMenuItemCount.USER32(015064D0), ref: 00FABDA4
                                                                • InsertMenuItemW.USER32(015064D0,?,00000001,00000030), ref: 00FABDCC
                                                                Similarity
                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                • String ID: 0$2
                                                                • API String ID: 93392585-3793063076
                                                                APIs
                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00FAC913
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoad
                                                                • String ID: blank$info$question$stop$warning
                                                                • API String ID: 2457776203-404129466
                                                                • Opcode ID: b2a9e573724f5620ac8fcef19aa1cc92b5c8fff73192df5e261cfebbcf3aba41
                                                                • Instruction ID: 28435d0aba7afd7fc47085c1f9303d167d14fee81e89386fcb5a96bcee18093b
                                                                • Opcode Fuzzy Hash: b2a9e573724f5620ac8fcef19aa1cc92b5c8fff73192df5e261cfebbcf3aba41
                                                                • Instruction Fuzzy Hash: 1411EE76A89306BAE7016B559D82D9F77DCEF1B760B10002FF504A6281E7796D0072E5
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                • String ID: 0.0.0.0
                                                                • API String ID: 642191829-3771769585
                                                                • Opcode ID: e2d9f77b215f8b6904e35326ce72f98146c6be3ad6d5ce5b60185b98a22aa3ff
                                                                • Instruction ID: 90709a6195d49068372bd80c3e0b2285b8ae8872ce29b59ca4c66c0792e48180
                                                                • Opcode Fuzzy Hash: e2d9f77b215f8b6904e35326ce72f98146c6be3ad6d5ce5b60185b98a22aa3ff
                                                                • Instruction Fuzzy Hash: E7110AB1904119AFCB247B30DC4AEDE77ADDF11721F04026AF54696091EF759A81FAA0
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00FD9FC7
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00FD9FE7
                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00FDA224
                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00FDA242
                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00FDA263
                                                                • ShowWindow.USER32(00000003,00000000), ref: 00FDA282
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00FDA2A7
                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00FDA2CA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                • String ID:
                                                                • API String ID: 1211466189-0
                                                                • Opcode ID: f157e5d82c87ba27d0b5b4e45f2b37fbf3678586be16e8d382bde3a5f452a02a
                                                                • Instruction ID: 7bc66f4034984d1b8e990377c922094638d918cd6954bb775ea30e82e81d8d25
                                                                • Opcode Fuzzy Hash: f157e5d82c87ba27d0b5b4e45f2b37fbf3678586be16e8d382bde3a5f452a02a
                                                                • Instruction Fuzzy Hash: D0B19C31A00219DFDF14CF69C9857AE7BB2FF44711F08806AEC499B399D731A940EB55
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$LocalTime
                                                                • String ID:
                                                                • API String ID: 952045576-0
                                                                • Opcode ID: bc35139e0bfab8f8dff3e03d246787007bdeeaf9bca938b4bfb617c0e519a453
                                                                • Instruction ID: 7b4cdb4f08a025dd51b9b0fb8a4ffb551886ec618a4c6f2809cf66a8c5ed257a
                                                                • Opcode Fuzzy Hash: bc35139e0bfab8f8dff3e03d246787007bdeeaf9bca938b4bfb617c0e519a453
                                                                • Instruction Fuzzy Hash: 5341C365D1021875DB11FBF4CC8A9CFB7A8AF46310F508566E518E3121FB38E245E3E5
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F9682C,00000004,00000000,00000000), ref: 00F5F953
                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00F9682C,00000004,00000000,00000000), ref: 00F9F3D1
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F9682C,00000004,00000000,00000000), ref: 00F9F454
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                • API String ID: 1268545403-0
                                                                • Opcode ID: 680f25ab9ab6bcc49282d2eb8204151cd440913fdba81d7ccb1384d49e04d3ed
                                                                • Instruction ID: 3f6096d122f64f2d3b826fb4f16e823512948b8f6393d6c53eebd42fde4daae3
                                                                • Opcode Fuzzy Hash: 680f25ab9ab6bcc49282d2eb8204151cd440913fdba81d7ccb1384d49e04d3ed
                                                                • Instruction Fuzzy Hash: 2B415231904E40BBDB398B3CCC88B6A7B92AB46372F14417DEB8793560C676948CF751
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00FD2D1B
                                                                • GetDC.USER32(00000000), ref: 00FD2D23
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FD2D2E
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00FD2D3A
                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00FD2D76
                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00FD2D87
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00FD5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00FD2DC2
                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00FD2DE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                • String ID:
                                                                • API String ID: 3864802216-0
                                                                • Opcode ID: f2c61da90c215998fa083a56351e8e48d902c448555ed38dc55aed96f9258262
                                                                • Instruction ID: b19eda3b3fb63a798f8c22967cb26402a47affd7c345e24d4cf63f8aa4244d72
                                                                • Opcode Fuzzy Hash: f2c61da90c215998fa083a56351e8e48d902c448555ed38dc55aed96f9258262
                                                                • Instruction Fuzzy Hash: 75317F72202214BFEB114F64CC89FEB3BAAEF19725F084056FE08DA291D6759C51D7A4
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: ea5c9f3f471ee0c6e99d009d960284c799d834ef2f79d8a52e62c7dda150aef1
                                                                • Instruction ID: 373a316c0ceba1385c3f0025a36a0a7a8f506270f6282f658eda4b4699216a1f
                                                                • Opcode Fuzzy Hash: ea5c9f3f471ee0c6e99d009d960284c799d834ef2f79d8a52e62c7dda150aef1
                                                                • Instruction Fuzzy Hash: E021CCE2A40A0977D61455108E83FFA335DBF22B94F484021FD169A742F725EE14B5A5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                • API String ID: 0-572801152
                                                                • Opcode ID: 49354f1c52cac78ff55c48b12739f8e7f798e0e39de6c6eadfe89828bf4f7f7f
                                                                • Instruction ID: 1b23cefd391ddbaf2d783b79cd14d16356737c7bece80fe91f1dcf1813b00392
                                                                • Opcode Fuzzy Hash: 49354f1c52cac78ff55c48b12739f8e7f798e0e39de6c6eadfe89828bf4f7f7f
                                                                • Instruction Fuzzy Hash: 91D1AD71A0060B9FDF10CFA8C982FAEB7B5BF48754F14816DE915AB280D770E985DB90
                                                                APIs
                                                                • GetCPInfo.KERNEL32(?,?), ref: 00F815CE
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F81651
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F816E4
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F816FB
                                                                  • Part of subcall function 00F73820: RtlAllocateHeap.NTDLL(00000000,?,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6,?,00F41129), ref: 00F73852
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F81777
                                                                • __freea.LIBCMT ref: 00F817A2
                                                                • __freea.LIBCMT ref: 00F817AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                • String ID:
                                                                • API String ID: 2829977744-0
                                                                • Opcode ID: 0a9acc44b47cb3ca0c3f21339a1cd6efe64ed6243a2f19c84afcd3af54b3705e
                                                                • Instruction ID: 3107af70521e237b335199f2ebed0c8423196b65e68707e8e51931b2ddb22057
                                                                • Opcode Fuzzy Hash: 0a9acc44b47cb3ca0c3f21339a1cd6efe64ed6243a2f19c84afcd3af54b3705e
                                                                • Instruction Fuzzy Hash: 2591A572E002169ADF20AE74CC41AEE7BB9BF49760F184759E805EB141DB35DC46EBA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$ClearInit
                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                • API String ID: 2610073882-625585964
                                                                • Opcode ID: f6e41c9287c406336fdf28d2db7e51f702c5ab76b81b2965cffe1c5cc70de7a1
                                                                • Instruction ID: a42aaa9701301dc79bfe667c649a398c052cd6c555603a4a2e9e57a30d0e9386
                                                                • Opcode Fuzzy Hash: f6e41c9287c406336fdf28d2db7e51f702c5ab76b81b2965cffe1c5cc70de7a1
                                                                • Instruction Fuzzy Hash: 4991AE71E0021AABDF20CFA5C955FAEBBB8EF46720F10855DF505AB280D770A945DFA0
                                                                APIs
                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00FB125C
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00FB1284
                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00FB12A8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FB12D8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FB135F
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FB13C4
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FB1430
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                • String ID:
                                                                • API String ID: 2550207440-0
                                                                • Opcode ID: 592f2831732fe60753330bc6291833bf6c9f134de03aaa7c507dabb397641be2
                                                                • Instruction ID: daa8cdf8070e1a7aa3b2e5490d13ce7914ccfc4a2e05af987842bd2d941fe6dd
                                                                • Opcode Fuzzy Hash: 592f2831732fe60753330bc6291833bf6c9f134de03aaa7c507dabb397641be2
                                                                • Instruction Fuzzy Hash: B191DF72A00209AFDB00DFA9C8A4BFE77B5FF46321F144129E900E7291D779A941EF90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: 2b89e3e7a9d1fbd311bb9bd37e93d4489294d14d5564edfe0549015fcae1c350
                                                                • Instruction ID: c3b876a672df624c89169dfab4c7eac4f57dc1c1e142431c497e7b1d15e04d37
                                                                • Opcode Fuzzy Hash: 2b89e3e7a9d1fbd311bb9bd37e93d4489294d14d5564edfe0549015fcae1c350
                                                                • Instruction Fuzzy Hash: F2916871D04219EFCB14CFA9CC88AEEBBB9FF48320F148059E915B7251D378A955EB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00FC396B
                                                                • CharUpperBuffW.USER32(?,?), ref: 00FC3A7A
                                                                • _wcslen.LIBCMT ref: 00FC3A8A
                                                                • VariantClear.OLEAUT32(?), ref: 00FC3C1F
                                                                  • Part of subcall function 00FB0CDF: VariantInit.OLEAUT32(00000000), ref: 00FB0D1F
                                                                  • Part of subcall function 00FB0CDF: VariantCopy.OLEAUT32(?,?), ref: 00FB0D28
                                                                  • Part of subcall function 00FB0CDF: VariantClear.OLEAUT32(?), ref: 00FB0D34
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                • API String ID: 4137639002-1221869570
                                                                • Opcode ID: beacd2b3eb056a35f3eb3f39e5d00160ae3f95b77ab4ec2047d6593ce2276438
                                                                • Instruction ID: 5b311c25e685be7a618e8d3b2885bbc2c191ee59ec88b48377d6c22b79538096
                                                                • Opcode Fuzzy Hash: beacd2b3eb056a35f3eb3f39e5d00160ae3f95b77ab4ec2047d6593ce2276438
                                                                • Instruction Fuzzy Hash: D6918D75A083029FC704DF24C981A6ABBE5FF88354F14891DF8899B351DB35EE05DB82
                                                                APIs
                                                                  • Part of subcall function 00FA000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?,?,00FA035E), ref: 00FA002B
                                                                  • Part of subcall function 00FA000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?), ref: 00FA0046
                                                                  • Part of subcall function 00FA000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?), ref: 00FA0054
                                                                  • Part of subcall function 00FA000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?), ref: 00FA0064
                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00FC4C51
                                                                • _wcslen.LIBCMT ref: 00FC4D59
                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00FC4DCF
                                                                • CoTaskMemFree.OLE32(?), ref: 00FC4DDA
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                • String ID: NULL Pointer assignment
                                                                • API String ID: 614568839-2785691316
                                                                • Opcode ID: e97a76147563ef4d919b3b1786b8d566d86b67b713ddad72bfbdab378160a700
                                                                • Instruction ID: c474e9b4cf8eb5e7b5e3d97333e234a7ecc4df9defa4b016bb00e35b3b988b58
                                                                • Opcode Fuzzy Hash: e97a76147563ef4d919b3b1786b8d566d86b67b713ddad72bfbdab378160a700
                                                                • Instruction Fuzzy Hash: 0F911871D0021A9FDF14DFA4DC91EEEBBB9BF08310F10816AE915A7251DB746A44DF60
                                                                APIs
                                                                • GetMenu.USER32(?), ref: 00FD2183
                                                                • GetMenuItemCount.USER32(00000000), ref: 00FD21B5
                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00FD21DD
                                                                • _wcslen.LIBCMT ref: 00FD2213
                                                                • GetMenuItemID.USER32(?,?), ref: 00FD224D
                                                                • GetSubMenu.USER32(?,?), ref: 00FD225B
                                                                  • Part of subcall function 00FA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FA3A57
                                                                  • Part of subcall function 00FA3A3D: GetCurrentThreadId.KERNEL32 ref: 00FA3A5E
                                                                  • Part of subcall function 00FA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FA25B3), ref: 00FA3A65
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FD22E3
                                                                  • Part of subcall function 00FAE97B: Sleep.KERNEL32 ref: 00FAE9F3
                                                                Similarity
                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                • String ID:
                                                                • API String ID: 4196846111-0
                                                                • Opcode ID: 6e73651e802419fefbace64b9f11e8ab092a1d772c6568b28337733fa9387eba
                                                                • Instruction ID: cc19a3fa19d17cf2121d4db97c968934b48142faddc76608935e728f0b91109e
                                                                • Opcode Fuzzy Hash: 6e73651e802419fefbace64b9f11e8ab092a1d772c6568b28337733fa9387eba
                                                                • Instruction Fuzzy Hash: 6A718175E00205AFCB50DF64C841AAEBBF2EF58320F18845AE916EB341D739ED41ABD0
                                                                APIs
                                                                • IsWindow.USER32(01506548), ref: 00FD7F37
                                                                • IsWindowEnabled.USER32(01506548), ref: 00FD7F43
                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00FD801E
                                                                • SendMessageW.USER32(01506548,000000B0,?,?), ref: 00FD8051
                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00FD8089
                                                                • GetWindowLongW.USER32(01506548,000000EC), ref: 00FD80AB
                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00FD80C3
                                                                Similarity
                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                • String ID:
                                                                • API String ID: 4072528602-0
                                                                • Opcode ID: 1d644272cb3f7c42519c99e2c48496ac3fccc2c5fb570f5ae97d435de36fc2f1
                                                                • Instruction ID: f75c56c89c545f68a8dd589bad3b049007f100bda3e9a3d638ac80433808fefc
                                                                • Opcode Fuzzy Hash: 1d644272cb3f7c42519c99e2c48496ac3fccc2c5fb570f5ae97d435de36fc2f1
                                                                • Instruction Fuzzy Hash: C871A434908344AFDB35AF64CC84FAABBB7EF09350F18405BE9555B351DB31A845EB90
                                                                APIs
                                                                • GetParent.USER32(?), ref: 00FAAEF9
                                                                • GetKeyboardState.USER32(?), ref: 00FAAF0E
                                                                • SetKeyboardState.USER32(?), ref: 00FAAF6F
                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00FAAF9D
                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00FAAFBC
                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00FAAFFD
                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00FAB020
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: d5887fba38f62c4547846ef4d20e2b4af81bff071b0fc2b4fe99cb509edface3
                                                                • Instruction ID: 4272ff369060d9aeb65f130cc845d532d594360a1840699fb34eb0077de7d081
                                                                • Opcode Fuzzy Hash: d5887fba38f62c4547846ef4d20e2b4af81bff071b0fc2b4fe99cb509edface3
                                                                • Instruction Fuzzy Hash: 2A51A1E1A047D63DFB3642348C45BBABEE95B07314F08858AE1E9558C3D3D9A8C8F761
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 00FAAD19
                                                                • GetKeyboardState.USER32(?), ref: 00FAAD2E
                                                                • SetKeyboardState.USER32(?), ref: 00FAAD8F
                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00FAADBB
                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00FAADD8
                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00FAAE17
                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00FAAE38
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: 802886cb0f2d8805c0410f7f03ae8c31b54d5de0e3a03a867d632b0e0a5e3d86
                                                                • Instruction ID: f1df894204a2e403608ab42c2669701d12136e079d5e9c14887c4cc8737b2f30
                                                                • Opcode Fuzzy Hash: 802886cb0f2d8805c0410f7f03ae8c31b54d5de0e3a03a867d632b0e0a5e3d86
                                                                • Instruction Fuzzy Hash: AD51B0E19047D53DFB3782358C95B7ABEA96B47310F088489E1D9468C2D394EC9CF762
                                                                APIs
                                                                • GetConsoleCP.KERNEL32(00F83CD6,?,?,?,?,?,?,?,?,00F75BA3,?,?,00F83CD6,?,?), ref: 00F75470
                                                                • __fassign.LIBCMT ref: 00F754EB
                                                                • __fassign.LIBCMT ref: 00F75506
                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00F83CD6,00000005,00000000,00000000), ref: 00F7552C
                                                                • WriteFile.KERNEL32(?,00F83CD6,00000000,00F75BA3,00000000,?,?,?,?,?,?,?,?,?,00F75BA3,?), ref: 00F7554B
                                                                • WriteFile.KERNEL32(?,?,00000001,00F75BA3,00000000,?,?,?,?,?,?,?,?,?,00F75BA3,?), ref: 00F75584
                                                                Similarity
                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                • String ID:
                                                                • API String ID: 1324828854-0
                                                                • Opcode ID: 92c5e35f77826b3b84d26a1998baff16d437bfda2ea76fbcc9d7cecc402799a3
                                                                • Instruction ID: c4482a2b28b4ca6f3f5375a9067f4d66890d9e95303a8567a82011269d270756
                                                                • Opcode Fuzzy Hash: 92c5e35f77826b3b84d26a1998baff16d437bfda2ea76fbcc9d7cecc402799a3
                                                                • Instruction Fuzzy Hash: CA51C1B1A00649AFDB10CFA8D841AEEBBF9EF08710F18811BF559E7291D7709A41DB61
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00F59141
                                                                • ScreenToClient.USER32(00000000,?), ref: 00F5915E
                                                                • GetAsyncKeyState.USER32(00000001), ref: 00F59183
                                                                • GetAsyncKeyState.USER32(00000002), ref: 00F5919D
                                                                Strings
                                                                • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00F97152
                                                                Similarity
                                                                • API ID: AsyncState$ClientCursorScreen
                                                                • String ID: _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                • API String ID: 4210589936-3308908821
                                                                • Opcode ID: 68d51b8eb7d09b26412839543192ce9f51dccf853639f4277ddb1ace5cd1b1d3
                                                                • Instruction ID: 8f557bbb5b430c73a3fb2dfd3617e947a21553b16f8cc34fc156cbe9227724ba
                                                                • Opcode Fuzzy Hash: 68d51b8eb7d09b26412839543192ce9f51dccf853639f4277ddb1ace5cd1b1d3
                                                                • Instruction Fuzzy Hash: 43417F3190861AEBDF09AF64C844BEEB775FB05331F204216E925A3290C7746D94EB91
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00F62D4B
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00F62D53
                                                                • _ValidateLocalCookies.LIBCMT ref: 00F62DE1
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00F62E0C
                                                                • _ValidateLocalCookies.LIBCMT ref: 00F62E61
                                                                Strings
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                APIs
                                                                  • Part of subcall function 00FC304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FC307A
                                                                  • Part of subcall function 00FC304E: _wcslen.LIBCMT ref: 00FC309B
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00FC1112
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1121
                                                                • WSAGetLastError.WSOCK32 ref: 00FC11C9
                                                                • closesocket.WSOCK32(00000000), ref: 00FC11F9
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 2675159561-0
                                                                APIs
                                                                  • Part of subcall function 00FADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00FACF22,?), ref: 00FADDFD
                                                                  • Part of subcall function 00FADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00FACF22,?), ref: 00FADE16
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00FACF45
                                                                • MoveFileW.KERNEL32(?,?), ref: 00FACF7F
                                                                • _wcslen.LIBCMT ref: 00FAD005
                                                                • _wcslen.LIBCMT ref: 00FAD01B
                                                                • SHFileOperationW.SHELL32(?), ref: 00FAD061
                                                                Similarity
                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                • String ID: \*.*
                                                                • API String ID: 3164238972-1173974218
                                                                APIs
                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00FD2E1C
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD2E4F
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD2E84
                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00FD2EB6
                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00FD2EE0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD2EF1
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FD2F0B
                                                                Similarity
                                                                • API ID: LongWindow$MessageSend
                                                                • String ID:
                                                                • API String ID: 2178440468-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FA7769
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FA778F
                                                                • SysAllocString.OLEAUT32(00000000), ref: 00FA7792
                                                                • SysAllocString.OLEAUT32(?), ref: 00FA77B0
                                                                • SysFreeString.OLEAUT32(?), ref: 00FA77B9
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00FA77DE
                                                                • SysAllocString.OLEAUT32(?), ref: 00FA77EC
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FA7842
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FA7868
                                                                • SysAllocString.OLEAUT32(00000000), ref: 00FA786B
                                                                • SysAllocString.OLEAUT32 ref: 00FA788C
                                                                • SysFreeString.OLEAUT32 ref: 00FA7895
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00FA78AF
                                                                • SysAllocString.OLEAUT32(?), ref: 00FA78BD
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                APIs
                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00FB04F2
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FB052E
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00FB05C6
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FB0601
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                APIs
                                                                  • Part of subcall function 00F4600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F4604C
                                                                  • Part of subcall function 00F4600E: GetStockObject.GDI32(00000011), ref: 00F46060
                                                                  • Part of subcall function 00F4600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F4606A
                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00FD4112
                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00FD411F
                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00FD412A
                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00FD4139
                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00FD4145
                                                                Similarity
                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                • String ID: Msctls_Progress32
                                                                • API String ID: 1025951953-3636473452
                                                                APIs
                                                                  • Part of subcall function 00F7D7A3: _free.LIBCMT ref: 00F7D7CC
                                                                • _free.LIBCMT ref: 00F7D82D
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • _free.LIBCMT ref: 00F7D838
                                                                • _free.LIBCMT ref: 00F7D843
                                                                • _free.LIBCMT ref: 00F7D897
                                                                • _free.LIBCMT ref: 00F7D8A2
                                                                • _free.LIBCMT ref: 00F7D8AD
                                                                • _free.LIBCMT ref: 00F7D8B8
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00FADA74
                                                                • LoadStringW.USER32(00000000), ref: 00FADA7B
                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00FADA91
                                                                • LoadStringW.USER32(00000000), ref: 00FADA98
                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00FADADC
                                                                Strings
                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00FADAB9
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message
                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                • API String ID: 4072794657-3128320259
                                                                • Opcode ID: 5b6187763159aa399c2d43c655e4f067aff4b099cdad3649cb26edd0c3084a92
                                                                • Instruction ID: 8988d1d22a54b9af3e4076566d44ff6f306ec0d6ea5738b9f6fe654de6cb7c25
                                                                • Opcode Fuzzy Hash: 5b6187763159aa399c2d43c655e4f067aff4b099cdad3649cb26edd0c3084a92
                                                                • Instruction Fuzzy Hash: 460186F290021D7FE711ABB0DD89EEB336DE709701F400596B746E2042EA749E84AFB4
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(014FE1F0,014FE1F0), ref: 00FB097B
                                                                • EnterCriticalSection.KERNEL32(014FE1D0,00000000), ref: 00FB098D
                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 00FB099B
                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00FB09A9
                                                                • CloseHandle.KERNEL32(?), ref: 00FB09B8
                                                                • InterlockedExchange.KERNEL32(014FE1F0,000001F6), ref: 00FB09C8
                                                                • LeaveCriticalSection.KERNEL32(014FE1D0), ref: 00FB09CF
                                                                Similarity
                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                • String ID:
                                                                • API String ID: 3495660284-0
                                                                • Opcode ID: f86a9aa30be4d692d5c69afbdfa9de6b4df4d2b0aa072bd8c0378a697cc7987a
                                                                • Instruction ID: d3c43d30a9eca053d49f6bbd95be4dc957d4f9430264272cfbea359f33a36cfb
                                                                • Opcode Fuzzy Hash: f86a9aa30be4d692d5c69afbdfa9de6b4df4d2b0aa072bd8c0378a697cc7987a
                                                                • Instruction Fuzzy Hash: 43F01D31583517BBD7515BA5EE88BD67B36BF01712F401116F141908A0CB749465EFD0
                                                                APIs
                                                                • GetClientRect.USER32(?,?), ref: 00F45D30
                                                                • GetWindowRect.USER32(?,?), ref: 00F45D71
                                                                • ScreenToClient.USER32(?,?), ref: 00F45D99
                                                                • GetClientRect.USER32(?,?), ref: 00F45ED7
                                                                • GetWindowRect.USER32(?,?), ref: 00F45EF8
                                                                Similarity
                                                                • API ID: Rect$Client$Window$Screen
                                                                • String ID:
                                                                • API String ID: 1296646539-0
                                                                • Opcode ID: a073fac2e3279728813e2ded8e799360b5727ec0a7a137e0d2b4bdab9071ea84
                                                                • Instruction ID: caf0b8dbf07e53cfebc7014d956eb10fe208fcb51a36f84d091edacc06198077
                                                                • Opcode Fuzzy Hash: a073fac2e3279728813e2ded8e799360b5727ec0a7a137e0d2b4bdab9071ea84
                                                                • Instruction Fuzzy Hash: C9B16B35A0074ADBDB10EFA9C4407EEBBF1FF48310F14841AE8A9D7250DB34AA51EB54
                                                                APIs
                                                                • __allrem.LIBCMT ref: 00F700BA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F700D6
                                                                • __allrem.LIBCMT ref: 00F700ED
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F7010B
                                                                • __allrem.LIBCMT ref: 00F70122
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F70140
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 1992179935-0
                                                                • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                • Instruction ID: 6ebba3bbe2debc2f84414e517953158fbc3fffbb11ed5080ed64c50b9d79132b
                                                                • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                • Instruction Fuzzy Hash: 60811872A00706DBE724AF28DC41B6B73E9AF45334F24823BF555D7281EBB4D904AB51
                                                                APIs
                                                                  • Part of subcall function 00FC3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00FC101C,00000000,?,?,00000000), ref: 00FC3195
                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00FC1DC0
                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00FC1DE1
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1DF2
                                                                • inet_ntoa.WSOCK32(?), ref: 00FC1E8C
                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00FC1EDB
                                                                • _strlen.LIBCMT ref: 00FC1F35
                                                                  • Part of subcall function 00FA39E8: _strlen.LIBCMT ref: 00FA39F2
                                                                  • Part of subcall function 00F46D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00F5CF58,?,?,?), ref: 00F46DBA
                                                                  • Part of subcall function 00F46D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00F5CF58,?,?,?), ref: 00F46DED
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                • String ID:
                                                                • API String ID: 1923757996-0
                                                                • Opcode ID: 57755da78fb6bd1f3fb0bfcd632fe357897f81920f8ac831cde2085caaa156e4
                                                                • Instruction ID: d4388e851a7029caa7e21254311ce277b33fc5e915ee2e1423602939930f456b
                                                                • Opcode Fuzzy Hash: 57755da78fb6bd1f3fb0bfcd632fe357897f81920f8ac831cde2085caaa156e4
                                                                • Instruction Fuzzy Hash: 05A1C131504341AFC314DF24C886F2ABBA5BF86318F54894CF8565B2A3CB75ED46EB92
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F682D9,00F682D9,?,?,?,00F7644F,00000001,00000001,8BE85006), ref: 00F76258
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F7644F,00000001,00000001,8BE85006,?,?,?), ref: 00F762DE
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F763D8
                                                                • __freea.LIBCMT ref: 00F763E5
                                                                  • Part of subcall function 00F73820: RtlAllocateHeap.NTDLL(00000000,?,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6,?,00F41129), ref: 00F73852
                                                                • __freea.LIBCMT ref: 00F763EE
                                                                • __freea.LIBCMT ref: 00F76413
                                                                Similarity
                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1414292761-0
                                                                • Opcode ID: 862821036aa2d34b6044cf38238b495ba8bac042b079027fc945b2098086329f
                                                                • Instruction ID: 405ce1b275bae35f5a85371210ee6f26aa2d424b11e430500b2267a6c17726fa
                                                                • Opcode Fuzzy Hash: 862821036aa2d34b6044cf38238b495ba8bac042b079027fc945b2098086329f
                                                                • Instruction Fuzzy Hash: 4E51D772A00616ABDF258F64CC81EAF77A9EF44760F15862AFC09D7241DB34DC44E762
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FCC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FCB6AE,?,?), ref: 00FCC9B5
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCC9F1
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA68
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FCBCCA
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FCBD25
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCBD6A
                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00FCBD99
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00FCBDF3
                                                                • RegCloseKey.ADVAPI32(?), ref: 00FCBDFF
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                • String ID:
                                                                • API String ID: 1120388591-0
                                                                • Opcode ID: 57d27709d293dc0cef5ac7ed65c2b061e42f8a3dc492f815e30cc2daf3e78cf7
                                                                • Instruction ID: dc6355bc57eb121432933a528e3e148a49c2cc0531aa53aa8e47309510cdefb8
                                                                • Opcode Fuzzy Hash: 57d27709d293dc0cef5ac7ed65c2b061e42f8a3dc492f815e30cc2daf3e78cf7
                                                                • Instruction Fuzzy Hash: 2A81A135608242AFC714DF24C986F2ABBE5FF84318F14455CF55A8B2A2CB31ED05EB92
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000035), ref: 00F9F7B9
                                                                • SysAllocString.OLEAUT32(00000001), ref: 00F9F860
                                                                • VariantCopy.OLEAUT32(00F9FA64,00000000), ref: 00F9F889
                                                                • VariantClear.OLEAUT32(00F9FA64), ref: 00F9F8AD
                                                                • VariantCopy.OLEAUT32(00F9FA64,00000000), ref: 00F9F8B1
                                                                • VariantClear.OLEAUT32(?), ref: 00F9F8BB
                                                                Similarity
                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                • String ID:
                                                                • API String ID: 3859894641-0
                                                                • Opcode ID: d806a1c17e611b66adcec1de6d7cd8e4b7ec691cc0fe07b0f7eb688b9ce49154
                                                                • Instruction ID: 009cebbb68c15aeb87e7e2a212e83c6a657390364449e0cbbdcc3330e5ae00f6
                                                                • Opcode Fuzzy Hash: d806a1c17e611b66adcec1de6d7cd8e4b7ec691cc0fe07b0f7eb688b9ce49154
                                                                • Instruction Fuzzy Hash: 9A510932A00310BAEF60AF65DC95769B3A5EF45320F248467ED05DF291DB74CC48EB96
                                                                APIs
                                                                  • Part of subcall function 00F47620: _wcslen.LIBCMT ref: 00F47625
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00FB94E5
                                                                • _wcslen.LIBCMT ref: 00FB9506
                                                                • _wcslen.LIBCMT ref: 00FB952D
                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00FB9585
                                                                Similarity
                                                                • API ID: _wcslen$FileName$OpenSave
                                                                • String ID: X
                                                                • API String ID: 83654149-3081909835
                                                                • Opcode ID: b57546999dece2050cb4b47b4a62fe9511ba7249cc21b71d1ac7686bb7e0cff7
                                                                • Instruction ID: 424e0410f1619c61d7e9952620d8bf16eb2631970a74fa20a758ef6b7e678dd4
                                                                • Opcode Fuzzy Hash: b57546999dece2050cb4b47b4a62fe9511ba7249cc21b71d1ac7686bb7e0cff7
                                                                • Instruction Fuzzy Hash: AFE1B331908340CFD724DF25C881AAAB7E4BF85310F18896DF9899B3A2DB75DD05DB92
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • BeginPaint.USER32(?,?,?), ref: 00F59241
                                                                • GetWindowRect.USER32(?,?), ref: 00F592A5
                                                                • ScreenToClient.USER32(?,?), ref: 00F592C2
                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F592D3
                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00F59321
                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F971EA
                                                                  • Part of subcall function 00F59339: BeginPath.GDI32(00000000), ref: 00F59357
                                                                Similarity
                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                • String ID:
                                                                • API String ID: 3050599898-0
                                                                • Opcode ID: d1da52f9fa07b22c0c2387973f8ad82f6dd714e30d1eccfd0bbc44911d9b96e1
                                                                • Instruction ID: 91b8290b866a469db641cbbfc0651786e9a2177eabe681d1c6afdf63219c13d3
                                                                • Opcode Fuzzy Hash: d1da52f9fa07b22c0c2387973f8ad82f6dd714e30d1eccfd0bbc44911d9b96e1
                                                                • Instruction Fuzzy Hash: 6D41B031509301EFDB25DF24CC84FBA7BA9EB55321F140229FAA4872E1C7759849EB61
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00FB080C
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00FB0847
                                                                • EnterCriticalSection.KERNEL32(?), ref: 00FB0863
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00FB08DC
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00FB08F3
                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00FB0921
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                • String ID:
                                                                • API String ID: 3368777196-0
                                                                • Opcode ID: 14216e1f72c48955ff49dfdc85c66c2fff5966273ff1775c758684397b93c8a0
                                                                • Instruction ID: 14e9d82fe7b0a95632f50413f406571035f8cc6c865b26b6cabe0ce76e016a53
                                                                • Opcode Fuzzy Hash: 14216e1f72c48955ff49dfdc85c66c2fff5966273ff1775c758684397b93c8a0
                                                                • Instruction Fuzzy Hash: A8418B31900206EFDF14AF64DC85AAA77B9FF04310F1040A5ED009A297DB35DE64EBA0
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00F9F3AB,00000000,?,?,00000000,?,00F9682C,00000004,00000000,00000000), ref: 00FD824C
                                                                • EnableWindow.USER32(?,00000000), ref: 00FD8272
                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00FD82D1
                                                                • ShowWindow.USER32(?,00000004), ref: 00FD82E5
                                                                • EnableWindow.USER32(?,00000001), ref: 00FD830B
                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00FD832F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Show$Enable$MessageSend
                                                                • String ID:
                                                                • API String ID: 642888154-0
                                                                • Opcode ID: 3095034d696511d59329f4a38aa6c194ae4b313610f3fdf9e68e57a93f2c76c8
                                                                • Instruction ID: 7d616440d14ac99cd3ee67abf14ebba8d43fe2c362ad43b01ae16e5f08c9efb8
                                                                • Opcode Fuzzy Hash: 3095034d696511d59329f4a38aa6c194ae4b313610f3fdf9e68e57a93f2c76c8
                                                                • Instruction Fuzzy Hash: DB419734A01644AFDB25CF25CC85BE47BF3FB06765F1C4266E6584B362CB369842DB50
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 00FA4C95
                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00FA4CB2
                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00FA4CEA
                                                                • _wcslen.LIBCMT ref: 00FA4D08
                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00FA4D10
                                                                • _wcsstr.LIBVCRUNTIME ref: 00FA4D1A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                • String ID:
                                                                • API String ID: 72514467-0
                                                                • Opcode ID: e14fbac4e04ed38d23b90f47bfe77927e197e9804a12d515d0b9d1050d2d9554
                                                                • Instruction ID: 1c550acc666cb47963c3be968324b1f1e5d488421dc109a73586f78580335bdc
                                                                • Opcode Fuzzy Hash: e14fbac4e04ed38d23b90f47bfe77927e197e9804a12d515d0b9d1050d2d9554
                                                                • Instruction Fuzzy Hash: AE216E726041057BEB155B35DC05E3B7B9DDF86720F10403AF809CA191DFA4EC00F2A0
                                                                APIs
                                                                  • Part of subcall function 00F43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F43A97,?,?,00F42E7F,?,?,?,00000000), ref: 00F43AC2
                                                                • _wcslen.LIBCMT ref: 00FB587B
                                                                • CoInitialize.OLE32(00000000), ref: 00FB5995
                                                                • CoCreateInstance.OLE32(00FDFCF8,00000000,00000001,00FDFB68,?), ref: 00FB59AE
                                                                • CoUninitialize.OLE32 ref: 00FB59CC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 3172280962-24824748
                                                                • Opcode ID: e3a14945966cd1402d6eeb01150bd9f1a18478554bfca621ea187894ceb60fac
                                                                • Instruction ID: e5cd3c7b9ccef7e314b0836d370f0306f8733f41eb3b6b0144637d4bdc0c27a5
                                                                • Opcode Fuzzy Hash: e3a14945966cd1402d6eeb01150bd9f1a18478554bfca621ea187894ceb60fac
                                                                • Instruction Fuzzy Hash: D7D16571A047019FC714DF25C880A6ABBE5EF89B20F14885DF8899B361DB39EC45DF92
                                                                APIs
                                                                  • Part of subcall function 00FA0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00FA0FCA
                                                                  • Part of subcall function 00FA0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00FA0FD6
                                                                  • Part of subcall function 00FA0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00FA0FE5
                                                                  • Part of subcall function 00FA0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00FA0FEC
                                                                  • Part of subcall function 00FA0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00FA1002
                                                                • GetLengthSid.ADVAPI32(?,00000000,00FA1335), ref: 00FA17AE
                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00FA17BA
                                                                • HeapAlloc.KERNEL32(00000000), ref: 00FA17C1
                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00FA17DA
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00FA1335), ref: 00FA17EE
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA17F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                • String ID:
                                                                • API String ID: 3008561057-0
                                                                • Opcode ID: 2f307ae3623ff4c9286d104cfa46a901877985dd85e80b1cbf875a68391b5646
                                                                • Instruction ID: 2a25f914cd1343948ef17cbcea1912430e576209ab350e508ce6561b0c6f1865
                                                                • Opcode Fuzzy Hash: 2f307ae3623ff4c9286d104cfa46a901877985dd85e80b1cbf875a68391b5646
                                                                • Instruction Fuzzy Hash: BE11B1B191121AFFDB109FA4CC49FAF7BA9FB42365F114119F44197151C7359940EBA0
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00FA14FF
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00FA1506
                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00FA1515
                                                                • CloseHandle.KERNEL32(00000004), ref: 00FA1520
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00FA154F
                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00FA1563
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                • String ID:
                                                                • API String ID: 1413079979-0
                                                                • Opcode ID: 1a907acb1fa98a66dd901838c9a078ea6343356667b135ab082930949d786538
                                                                • Instruction ID: 769515af82b5d86e7d25286de3a929d135f28c5565b160bad94f4d35aaaa8802
                                                                • Opcode Fuzzy Hash: 1a907acb1fa98a66dd901838c9a078ea6343356667b135ab082930949d786538
                                                                • Instruction Fuzzy Hash: 41111AB290120EAFDF11CFA8DD49BDA7BAAFB49754F054115FA05A2060C3758E60EB60
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00F63379,00F62FE5), ref: 00F63390
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F6339E
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F633B7
                                                                • SetLastError.KERNEL32(00000000,?,00F63379,00F62FE5), ref: 00F63409
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: d0c276f23b44184933cd18f29dbad822b870cd38dc14a257357ae65d59f78996
                                                                • Instruction ID: 72092f3311e2fd7dda37a4316069d6454316678b1d71c3572d26f844b1590476
                                                                • Opcode Fuzzy Hash: d0c276f23b44184933cd18f29dbad822b870cd38dc14a257357ae65d59f78996
                                                                • Instruction Fuzzy Hash: 0301F733A093117EFA267774BD8AA673BA4EB06379B20032AF510812E0EF174D11F684
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00F75686,00F83CD6,?,00000000,?,00F75B6A,?,?,?,?,?,00F6E6D1,?,01008A48), ref: 00F72D78
                                                                • _free.LIBCMT ref: 00F72DAB
                                                                • _free.LIBCMT ref: 00F72DD3
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00F6E6D1,?,01008A48,00000010,00F44F4A,?,?,00000000,00F83CD6), ref: 00F72DE0
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00F6E6D1,?,01008A48,00000010,00F44F4A,?,?,00000000,00F83CD6), ref: 00F72DEC
                                                                • _abort.LIBCMT ref: 00F72DF2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$_free$_abort
                                                                • String ID:
                                                                • API String ID: 3160817290-0
                                                                • Opcode ID: f066eb81cac56057eb4b9ee845b56d7f2ad4ebf99946cafc76e8566dc466139f
                                                                • Instruction ID: c1e76b79eff0356c5243d7b26ec2f5737a95b3e4f6be92cef1ae766d45f9b235
                                                                • Opcode Fuzzy Hash: f066eb81cac56057eb4b9ee845b56d7f2ad4ebf99946cafc76e8566dc466139f
                                                                • Instruction Fuzzy Hash: 31F0F43290560137C6B23339AC06E5E366AABC27B0F24C11BF92C921D6EE288841B163
                                                                APIs
                                                                  • Part of subcall function 00F59639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F59693
                                                                  • Part of subcall function 00F59639: SelectObject.GDI32(?,00000000), ref: 00F596A2
                                                                  • Part of subcall function 00F59639: BeginPath.GDI32(?), ref: 00F596B9
                                                                  • Part of subcall function 00F59639: SelectObject.GDI32(?,00000000), ref: 00F596E2
                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00FD8A4E
                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00FD8A62
                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00FD8A70
                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00FD8A80
                                                                • EndPath.GDI32(?), ref: 00FD8A90
                                                                • StrokePath.GDI32(?), ref: 00FD8AA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                • String ID:
                                                                • API String ID: 43455801-0
                                                                • Opcode ID: ecf9f08ca72f5f243e5eccca6181027a56688aeb496131f691063091e120f913
                                                                • Instruction ID: 2a894404c3f131c21e37ea4499b8e1acbeeb74388ffc69d69d4c07366766a188
                                                                • Opcode Fuzzy Hash: ecf9f08ca72f5f243e5eccca6181027a56688aeb496131f691063091e120f913
                                                                • Instruction Fuzzy Hash: 1A111E7640114DFFDF119FA0DC48E9A7F6EEF04350F048012BA1596161C7769D55EFA0
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00FA5218
                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00FA5229
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FA5230
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00FA5238
                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00FA524F
                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00FA5261
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDevice$Release
                                                                • String ID:
                                                                • API String ID: 1035833867-0
                                                                • Opcode ID: aa8f9f2a5baa1c74b6c6f085163da4fc100faff84fef4e67e3788cada2323110
                                                                • Instruction ID: 3c6337e9c221b59c6a9eca22a39d2a200e55686bddb5003eff033e9227699a7d
                                                                • Opcode Fuzzy Hash: aa8f9f2a5baa1c74b6c6f085163da4fc100faff84fef4e67e3788cada2323110
                                                                • Instruction Fuzzy Hash: 7C018FB5E01719BBEB10ABB59C49B4EBFB9EF48751F044066FA04E7280D6709800DBA0
                                                                APIs
                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F41BF4
                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00F41BFC
                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F41C07
                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F41C12
                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00F41C1A
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F41C22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Virtual
                                                                • String ID:
                                                                • API String ID: 4278518827-0
                                                                • Opcode ID: b4c962046b38588969aaf76314bd7a0954c29f6eff3cc1699a8272deca7042cd
                                                                • Instruction ID: 71e2f77f04591c19ede8edb9babd957f25ec4984bcf17efb6265c54cc84ef98f
                                                                • Opcode Fuzzy Hash: b4c962046b38588969aaf76314bd7a0954c29f6eff3cc1699a8272deca7042cd
                                                                • Instruction Fuzzy Hash: 0E0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00FAEB30
                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00FAEB46
                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00FAEB55
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FAEB64
                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FAEB6E
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FAEB75
                                                                Similarity
                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 839392675-0
                                                                • Opcode ID: 3b61627246edccf8c42cb6b725a3cc83ad9ec30afcfa537f260f3adbb2120d3a
                                                                • Instruction ID: 70de74f41f5609f01e546ff4690768b0be8ba1b0d0538c9dd98a5775af0c2a51
                                                                • Opcode Fuzzy Hash: 3b61627246edccf8c42cb6b725a3cc83ad9ec30afcfa537f260f3adbb2120d3a
                                                                • Instruction Fuzzy Hash: EDF0307254216DBBEB215B629C0DEEF7B7DEFCAB11F00015AF601D1091D7A05A01E6F5
                                                                APIs
                                                                • GetClientRect.USER32(?), ref: 00F97452
                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00F97469
                                                                • GetWindowDC.USER32(?), ref: 00F97475
                                                                • GetPixel.GDI32(00000000,?,?), ref: 00F97484
                                                                • ReleaseDC.USER32(?,00000000), ref: 00F97496
                                                                • GetSysColor.USER32(00000005), ref: 00F974B0
                                                                Similarity
                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                • String ID:
                                                                • API String ID: 272304278-0
                                                                • Opcode ID: 67159d5eb3f178ec61ce40d3b4616206de2a7a460131001d8f29e9589a51d57d
                                                                • Instruction ID: 7b339be14878f4f436a3803566799c54c812e3eb02f0f6169836f99595af2a1f
                                                                • Opcode Fuzzy Hash: 67159d5eb3f178ec61ce40d3b4616206de2a7a460131001d8f29e9589a51d57d
                                                                • Instruction Fuzzy Hash: F701A23240521AEFEB50AF74DC08BAD7BB6FF04321F540161F915A21A1CB311D41FB90
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00FA187F
                                                                • UnloadUserProfile.USERENV(?,?), ref: 00FA188B
                                                                • CloseHandle.KERNEL32(?), ref: 00FA1894
                                                                • CloseHandle.KERNEL32(?), ref: 00FA189C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00FA18A5
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA18AC
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                • String ID:
                                                                • API String ID: 146765662-0
                                                                • Opcode ID: e47372024a67f6e1e21d25978ccf0d95d84a7c362f21ecce3f6bcf7564212a3e
                                                                • Instruction ID: 4ffa26b8b2407c89698450a1bcba326cf5918127a1253f62e3027904171a1be3
                                                                • Opcode Fuzzy Hash: e47372024a67f6e1e21d25978ccf0d95d84a7c362f21ecce3f6bcf7564212a3e
                                                                • Instruction Fuzzy Hash: A0E0ED3604511AFBDB016FB2ED0C905BF3AFF497227108222F225810B1CB325420EF90
                                                                APIs
                                                                  • Part of subcall function 00F47620: _wcslen.LIBCMT ref: 00F47625
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FAC6EE
                                                                • _wcslen.LIBCMT ref: 00FAC735
                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FAC79C
                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00FAC7CA
                                                                Similarity
                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                • String ID: 0
                                                                • API String ID: 1227352736-4108050209
                                                                • Opcode ID: a283a9955145ba2aecc73aada822d5d87a1b4d5489e30a163e1189bdc90c6897
                                                                • Instruction ID: 381a16b59f51ced2722106ad4e55b4fb1a7a8624bf2901c67c31ba5a41900a0c
                                                                • Opcode Fuzzy Hash: a283a9955145ba2aecc73aada822d5d87a1b4d5489e30a163e1189bdc90c6897
                                                                • Instruction Fuzzy Hash: B051AFB1A043019BD715DE28C885B6B7BE8AF4A324F040A2DF995D7291DB78D904EFD2
                                                                APIs
                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00FA7206
                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00FA723C
                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00FA724D
                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00FA72CF
                                                                Similarity
                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                • String ID: DllGetClassObject
                                                                • API String ID: 753597075-1075368562
                                                                • Opcode ID: 646c0736fb4ab03dbe98a3b49a6798ca77de4e444025a5f477fcf9cb673e6fb1
                                                                • Instruction ID: 6632f206c0c98f1eb9e8572401aba0e593ddde3fb48f1433ea521a50c9e350a8
                                                                • Opcode Fuzzy Hash: 646c0736fb4ab03dbe98a3b49a6798ca77de4e444025a5f477fcf9cb673e6fb1
                                                                • Instruction Fuzzy Hash: 42418DB1A043049FDB15DF54CC84F9A7BE9EF45310F1480AABD059F24AD7B0D945EBA0
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FD3E35
                                                                • IsMenu.USER32(?), ref: 00FD3E4A
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FD3E92
                                                                • DrawMenuBar.USER32 ref: 00FD3EA5
                                                                Similarity
                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                • String ID: 0
                                                                • API String ID: 3076010158-4108050209
                                                                • Opcode ID: 09fc70d76bdacda55fe503c7470af9eea3fa142de70fd5e3a4b547fcc80f4483
                                                                • Instruction ID: 9eaca0f4e5e2ae03ee0b1fdd92dc096fcd5d2c686d2229a96ee1601958c21487
                                                                • Opcode Fuzzy Hash: 09fc70d76bdacda55fe503c7470af9eea3fa142de70fd5e3a4b547fcc80f4483
                                                                • Instruction Fuzzy Hash: 45414D75A01209AFDB10DF60D884A9AB7B6FF45360F08411AEA1597390D734AE44EF91
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00FA1E66
                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00FA1E79
                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00FA1EA9
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 2081771294-1403004172
                                                                • Opcode ID: e0e2b6e8eefc59f28680e6cf5d0232d45ff31b6ea75876645cdbfb2a5ffff4f4
                                                                • Instruction ID: 55943e4895654a4b881b98683822d52b5380836061beef14644cb8816ddf28fb
                                                                • Opcode Fuzzy Hash: e0e2b6e8eefc59f28680e6cf5d0232d45ff31b6ea75876645cdbfb2a5ffff4f4
                                                                • Instruction Fuzzy Hash: A121E5B1A00108BADB14AB64DC86CFFBBB9EF46360F144119FD25A71E1DB785909BA60
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                • API String ID: 176396367-4004644295
                                                                • Opcode ID: 8212b445a5f0bc2cb9213bf407d018c0cc8b93eac8d361f625d2c449fa0e0f82
                                                                • Instruction ID: 065ebd9ecc07bce2234d266cc7ce676262f7b05d3a00cd4c5eedc458c49b4481
                                                                • Opcode Fuzzy Hash: 8212b445a5f0bc2cb9213bf407d018c0cc8b93eac8d361f625d2c449fa0e0f82
                                                                • Instruction Fuzzy Hash: 8E31F733E0016B4ADB20EE6DDE66ABE37915B61760F05401DE889AB245E67DDD40B3E0
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00FD2F8D
                                                                • LoadLibraryW.KERNEL32(?), ref: 00FD2F94
                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00FD2FA9
                                                                • DestroyWindow.USER32(?), ref: 00FD2FB1
                                                                Similarity
                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                • String ID: SysAnimate32
                                                                • API String ID: 3529120543-1011021900
                                                                • Opcode ID: 678b2e2699e8b41449a2ffa0f92266197a43fff7c20191d777fb47fada44bd20
                                                                • Instruction ID: 62724d6270d0cc40e8b526c0ffe6b309a32d53fc814bdea141ddbf8a3a9fce9c
                                                                • Opcode Fuzzy Hash: 678b2e2699e8b41449a2ffa0f92266197a43fff7c20191d777fb47fada44bd20
                                                                • Instruction Fuzzy Hash: 4D21DE71704209ABEB104F64DC80EBB37BAEF69334F140A1AF954D6290C771DC41B7A0
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F64D1E,00F728E9,?,00F64CBE,00F728E9,010088B8,0000000C,00F64E15,00F728E9,00000002), ref: 00F64D8D
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F64DA0
                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00F64D1E,00F728E9,?,00F64CBE,00F728E9,010088B8,0000000C,00F64E15,00F728E9,00000002,00000000), ref: 00F64DC3
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F44EDD,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E9C
                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F44EAE
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00F44EDD,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44EC0
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F83CDE,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E62
                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F44E74
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00F83CDE,?,01011418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F44E87
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FB2C05
                                                                • DeleteFileW.KERNEL32(?), ref: 00FB2C87
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00FB2C9D
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FB2CAE
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FB2CC0
                                                                Similarity
                                                                • API ID: File$Delete$Copy
                                                                • String ID:
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32 ref: 00FCA427
                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00FCA435
                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00FCA468
                                                                • CloseHandle.KERNEL32(?), ref: 00FCA63D
                                                                Similarity
                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00FADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00FACF22,?), ref: 00FADDFD
                                                                  • Part of subcall function 00FADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00FACF22,?), ref: 00FADE16
                                                                  • Part of subcall function 00FAE199: GetFileAttributesW.KERNEL32(?,00FACF95), ref: 00FAE19A
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00FAE473
                                                                • MoveFileW.KERNEL32(?,?), ref: 00FAE4AC
                                                                • _wcslen.LIBCMT ref: 00FAE5EB
                                                                • _wcslen.LIBCMT ref: 00FAE603
                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00FAE650
                                                                Similarity
                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FCC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FCB6AE,?,?), ref: 00FCC9B5
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCC9F1
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA68
                                                                  • Part of subcall function 00FCC998: _wcslen.LIBCMT ref: 00FCCA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FCBAA5
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FCBB00
                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00FCBB63
                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00FCBBA6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00FCBBB3
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                • String ID:
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00FA8BCD
                                                                • VariantClear.OLEAUT32 ref: 00FA8C3E
                                                                • VariantClear.OLEAUT32 ref: 00FA8C9D
                                                                • VariantClear.OLEAUT32(?), ref: 00FA8D10
                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00FA8D3B
                                                                Similarity
                                                                • API ID: Variant$Clear$ChangeInitType
                                                                • String ID:
                                                                APIs
                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00FB8BAE
                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00FB8BDA
                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00FB8C32
                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00FB8C57
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00FB8C5F
                                                                Similarity
                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                • String ID:
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00FC8F40
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00FC8FD0
                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00FC8FEC
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00FC9032
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00FC9052
                                                                  • Part of subcall function 00F5F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00FB1043,?,753CE610), ref: 00F5F6E6
                                                                  • Part of subcall function 00F5F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00F9FA64,00000000,00000000,?,?,00FB1043,?,753CE610,?,00F9FA64), ref: 00F5F70D
                                                                Similarity
                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                • String ID:
                                                                APIs
                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00FD6C33
                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00FD6C4A
                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00FD6C73
                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00FBAB79,00000000,00000000), ref: 00FD6C98
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00FD6CC7
                                                                Similarity
                                                                • API ID: Window$Long$MessageSendShow
                                                                • String ID:
                                                                • API String ID: 3688381893-0
                                                                • Opcode ID: cd028815462476e164ca5f9d0e6654764210926fedbd06ed30672d6294a0c2b7
                                                                • Instruction ID: ba3215584f75b94eb0f2e43883d2621f603a932845ba93453bb678aad0a86a63
                                                                • Opcode Fuzzy Hash: cd028815462476e164ca5f9d0e6654764210926fedbd06ed30672d6294a0c2b7
                                                                • Instruction Fuzzy Hash: F841A235A14104AFD724CF38CC44FA97BA6EB49361F19026AF999E73E0C771AD41EA80
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                • Opcode ID: 4d61a5e81623e451b68cd008ab4f7466f0f91647e33c3f3819c5589d50a48124
                                                                • Instruction ID: 6291b773314e40fc3ce93ed3238e3a8c63749346c20906a10b05698dab035144
                                                                • Opcode Fuzzy Hash: 4d61a5e81623e451b68cd008ab4f7466f0f91647e33c3f3819c5589d50a48124
                                                                • Instruction Fuzzy Hash: 2A41E632E002009FCB20DF78C881A5DB3F5EF89320F1585AAEA19EB351D731AD01EB91
                                                                APIs
                                                                • GetInputState.USER32 ref: 00FB38CB
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00FB3922
                                                                • TranslateMessage.USER32(?), ref: 00FB394B
                                                                • DispatchMessageW.USER32(?), ref: 00FB3955
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FB3966
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                • String ID:
                                                                • API String ID: 2256411358-0
                                                                • Opcode ID: 16636be3ae03864d780817b70ff568248bf203dcc2f0382909df702a914a97e5
                                                                • Instruction ID: 0d29ca04c556c4696f7f7bd16b20ee7e5bff3052e323a99c437526007dcc1986
                                                                • Opcode Fuzzy Hash: 16636be3ae03864d780817b70ff568248bf203dcc2f0382909df702a914a97e5
                                                                • Instruction Fuzzy Hash: 1E312971D84346EEEB39CB36D848BF637A9AB01310F04415DE5A2C2094E7B9A684EF11
                                                                APIs
                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00FBCF38
                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00FBCF6F
                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,00FBC21E,00000000), ref: 00FBCFB4
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00FBC21E,00000000), ref: 00FBCFC8
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00FBC21E,00000000), ref: 00FBCFF2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                • String ID:
                                                                • API String ID: 3191363074-0
                                                                • Opcode ID: 6836ed25f000aa7ea1a0ebb74e349d3cbb36896692df77ca15e05ec833d82e3b
                                                                • Instruction ID: c0b6fc01cbe4487290a03453cfc6487a9eb51ae7848886044e94acdccd573d16
                                                                • Opcode Fuzzy Hash: 6836ed25f000aa7ea1a0ebb74e349d3cbb36896692df77ca15e05ec833d82e3b
                                                                • Instruction Fuzzy Hash: 11314D71A00206AFDB20DFA6C884ABBBBFAEB14351B1044AEF516D2140D730AD45EFB0
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00FA1915
                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 00FA19C1
                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 00FA19C9
                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 00FA19DA
                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00FA19E2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePostSleep$RectWindow
                                                                • String ID:
                                                                • API String ID: 3382505437-0
                                                                • Opcode ID: e397094ff0b3015abb957fa96cb1fb0545e6676041a91d932880ac2b3e5bebd3
                                                                • Instruction ID: 93f1b515079dd89fde2d016f480583b28cd85b328f56152472c3baddf9407dde
                                                                • Opcode Fuzzy Hash: e397094ff0b3015abb957fa96cb1fb0545e6676041a91d932880ac2b3e5bebd3
                                                                • Instruction Fuzzy Hash: AB31B3B190021DEFCB10CFA8CD59ADE3BB5FB09325F114225F925A72D1C7709954EB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00FD5745
                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00FD579D
                                                                • _wcslen.LIBCMT ref: 00FD57AF
                                                                • _wcslen.LIBCMT ref: 00FD57BA
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FD5816
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen
                                                                • String ID:
                                                                • API String ID: 763830540-0
                                                                • Opcode ID: 5763a3c3c1b7d731af9fbaff6aa4a945630af561166029a17d16c65944a9d398
                                                                • Instruction ID: 3fd28d9a243d3c0d96dd1a737f9ce766a05a2cf8546f1b86bad9fe6c9e9967e9
                                                                • Opcode Fuzzy Hash: 5763a3c3c1b7d731af9fbaff6aa4a945630af561166029a17d16c65944a9d398
                                                                • Instruction Fuzzy Hash: A521A231D04618DADB20DFA4CC85AEE77BAFF05B20F148217E929EB280D7749985EF51
                                                                APIs
                                                                • IsWindow.USER32(00000000), ref: 00FC0951
                                                                • GetForegroundWindow.USER32 ref: 00FC0968
                                                                • GetDC.USER32(00000000), ref: 00FC09A4
                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00FC09B0
                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00FC09E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ForegroundPixelRelease
                                                                • String ID:
                                                                • API String ID: 4156661090-0
                                                                • Opcode ID: 9e00da558408cd139956ae5d0843fb5a6f2531c8cd860de95314cdae8b83635c
                                                                • Instruction ID: 1f1e817b426fb840501c1f85ac07aa7ccada190bcb409ba7959f805222333b63
                                                                • Opcode Fuzzy Hash: 9e00da558408cd139956ae5d0843fb5a6f2531c8cd860de95314cdae8b83635c
                                                                • Instruction Fuzzy Hash: CF215E35600214AFD714EF65CD85AAEBBE5EF44700F048069F84A97752CA34EC04EB90
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00F7CDC6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F7CDE9
                                                                  • Part of subcall function 00F73820: RtlAllocateHeap.NTDLL(00000000,?,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6,?,00F41129), ref: 00F73852
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F7CE0F
                                                                • _free.LIBCMT ref: 00F7CE22
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F7CE31
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                • String ID:
                                                                • API String ID: 336800556-0
                                                                • Opcode ID: e036c21a6cf6090beab55bb69204c797f9848e7c6939e17cd68b2f93948cb10a
                                                                • Instruction ID: 09b8d7bbc49bc202a70c2fd87aff2acb9b3080c13f4be878111d3920939e37ba
                                                                • Opcode Fuzzy Hash: e036c21a6cf6090beab55bb69204c797f9848e7c6939e17cd68b2f93948cb10a
                                                                • Instruction Fuzzy Hash: 9C018472A026157F272116BA6C88D7B7A6DDFC6BB1315812FF909C7201EA658D02B1F2
                                                                APIs
                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F59693
                                                                • SelectObject.GDI32(?,00000000), ref: 00F596A2
                                                                • BeginPath.GDI32(?), ref: 00F596B9
                                                                • SelectObject.GDI32(?,00000000), ref: 00F596E2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: 90435018efa6e75880ddf3e0e300316dfe6f8a27d5c6c37479759729795a2f10
                                                                • Instruction ID: 4cb788a48e0bf471adc7d0a6872aa79cd423513e60851324b6177fe23ce19784
                                                                • Opcode Fuzzy Hash: 90435018efa6e75880ddf3e0e300316dfe6f8a27d5c6c37479759729795a2f10
                                                                • Instruction Fuzzy Hash: 57219531C16306EFDB299F34DC097A97BA6BB00326F100216FA60961E4D3BD5859EF90
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: e53b1a7d86ea1316e803e1374eacd076308fbae5c00cde4a1760366fe40c3475
                                                                • Instruction ID: 5919772c3d9165507e2c2e2275b3124691c6510d7a25313b8e6ade90ce18fda4
                                                                • Opcode Fuzzy Hash: e53b1a7d86ea1316e803e1374eacd076308fbae5c00cde4a1760366fe40c3475
                                                                • Instruction Fuzzy Hash: F401F9E2641A0DFBD21851109D42FBB734DAB62BB4F084021FD16BE341F720ED14B2A1
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00F6F2DE,00F73863,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6), ref: 00F72DFD
                                                                • _free.LIBCMT ref: 00F72E32
                                                                • _free.LIBCMT ref: 00F72E59
                                                                • SetLastError.KERNEL32(00000000,00F41129), ref: 00F72E66
                                                                • SetLastError.KERNEL32(00000000,00F41129), ref: 00F72E6F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$_free
                                                                • String ID:
                                                                • API String ID: 3170660625-0
                                                                • Opcode ID: 836da9d47b7ba9959f3665e8e1f88c9a69b5da0af17c40c82f9610f116e4411e
                                                                • Instruction ID: 64b70eb0c449ed306835022a56d8cfb862a6f2fbf63c52ba20f1d424b38e8822
                                                                • Opcode Fuzzy Hash: 836da9d47b7ba9959f3665e8e1f88c9a69b5da0af17c40c82f9610f116e4411e
                                                                • Instruction Fuzzy Hash: 8F01F93250560177D65327396C45D2B366AABC5371B24C12BF96D921C6EF298C41B163
                                                                APIs
                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?,?,00FA035E), ref: 00FA002B
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?), ref: 00FA0046
                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?), ref: 00FA0054
                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?), ref: 00FA0064
                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F9FF41,80070057,?,?), ref: 00FA0070
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                • String ID:
                                                                • API String ID: 3897988419-0
                                                                • Opcode ID: bc2f5200010b38f4d2533d33de1bee8ba924ae760fc21e90134e300871ff6726
                                                                • Instruction ID: 4df98cbcec28dc3f3fad4f03fde4d5ff15ce20b6a160444fc74614f86c7107aa
                                                                • Opcode Fuzzy Hash: bc2f5200010b38f4d2533d33de1bee8ba924ae760fc21e90134e300871ff6726
                                                                • Instruction Fuzzy Hash: 86018FB2601609BFDB104F68EC04FAA7BBEEB44761F148125F905D2210DB71DD40FBA0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00FAE997
                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00FAE9A5
                                                                • Sleep.KERNEL32(00000000), ref: 00FAE9AD
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00FAE9B7
                                                                • Sleep.KERNEL32 ref: 00FAE9F3
                                                                Similarity
                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                • String ID:
                                                                • API String ID: 2833360925-0
                                                                • Opcode ID: 87b5fdf6ad4a35f5c2b6896b5369782e0f3612194f046d03862e1a6b6289c41c
                                                                • Instruction ID: 82f1e20f8d9bfe96c9a31615443832e1fe602270ae29a32534fe538ef8196caf
                                                                • Opcode Fuzzy Hash: 87b5fdf6ad4a35f5c2b6896b5369782e0f3612194f046d03862e1a6b6289c41c
                                                                • Instruction Fuzzy Hash: 09015771C0262EDBCF00ABF5DC49AEEBB79BF0E311F000546E502B2241CB309550EBA1
                                                                APIs
                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FA1114
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1120
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA112F
                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FA0B9B,?,?,?), ref: 00FA1136
                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FA114D
                                                                Similarity
                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 842720411-0
                                                                • Opcode ID: ee762e25340f7fa357034d0a825f13517399269d263f04369be2c4d889bc1f92
                                                                • Instruction ID: 75ac2c51fa3dadebf21084d601c20ba49552c04d13c9cbd77bce39410b903e14
                                                                • Opcode Fuzzy Hash: ee762e25340f7fa357034d0a825f13517399269d263f04369be2c4d889bc1f92
                                                                • Instruction Fuzzy Hash: 49016D7550121ABFDB114F65DC49A6A3B6EFF86374B110415FA45C3360DA31DC00EAA0
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00FA0FCA
                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00FA0FD6
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00FA0FE5
                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00FA0FEC
                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00FA1002
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                • Opcode ID: 65d6febbbd34acacd00147774d3e15f540c9c709e17a568b8ae0a684ea026a5e
                                                                • Instruction ID: 459e2ef554686e596fa33ed941259face21b627db8f63868130dd36009441889
                                                                • Opcode Fuzzy Hash: 65d6febbbd34acacd00147774d3e15f540c9c709e17a568b8ae0a684ea026a5e
                                                                • Instruction Fuzzy Hash: 00F0A97520131AEBDB210FB59C4DF563BAEFF8A762F114416FA49C6291CA30DC40EAA0
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00FA102A
                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1036
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1045
                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA104C
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1062
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                • Opcode ID: f51192bb858ee6f94c2a443c1b49afcadf8fb09e6dd3a3b704dfdf4f45a54db8
                                                                • Instruction ID: 9398a725e4b21fac3b0c01b130f80502e52045b3548b95f27c770c0004a4110f
                                                                • Opcode Fuzzy Hash: f51192bb858ee6f94c2a443c1b49afcadf8fb09e6dd3a3b704dfdf4f45a54db8
                                                                • Instruction Fuzzy Hash: 0EF0CD7520131AEBDB211FB5EC4CF563BAEFF8A761F114416FA45C7290CA70D840EAA0
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB0324
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB0331
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB033E
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB034B
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB0358
                                                                • CloseHandle.KERNEL32(?,?,?,?,00FB017D,?,00FB32FC,?,00000001,00F82592,?), ref: 00FB0365
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: 47556a8275a4acb740a206071221734f91a604b925333a9cc98e9e7cdda3ccca
                                                                • Instruction ID: 3ffec99fe3ed25faec96e067f08414e3abe353d234e51e498245f55bff34eb19
                                                                • Opcode Fuzzy Hash: 47556a8275a4acb740a206071221734f91a604b925333a9cc98e9e7cdda3ccca
                                                                • Instruction Fuzzy Hash: CB01A272801B159FC730AF66D890457F7F5BF503253198A3FD19652931CB71A954EF80
                                                                APIs
                                                                • _free.LIBCMT ref: 00F7D752
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • _free.LIBCMT ref: 00F7D764
                                                                • _free.LIBCMT ref: 00F7D776
                                                                • _free.LIBCMT ref: 00F7D788
                                                                • _free.LIBCMT ref: 00F7D79A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: ff97ceb1c79c382ed8f096ef67138512558bdaeaa1916e2fb907988ab13db04c
                                                                • Instruction ID: 5193733973461c0909bb089f75f8368653853ec5a887681f201b73c133efe1c9
                                                                • Opcode Fuzzy Hash: ff97ceb1c79c382ed8f096ef67138512558bdaeaa1916e2fb907988ab13db04c
                                                                • Instruction Fuzzy Hash: 48F031329002046B8669EB68FAC5C1677FDBF44330FD8880AF14CE7505C729FC816766
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E9), ref: 00FA5C58
                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00FA5C6F
                                                                • MessageBeep.USER32(00000000), ref: 00FA5C87
                                                                • KillTimer.USER32(?,0000040A), ref: 00FA5CA3
                                                                • EndDialog.USER32(?,00000001), ref: 00FA5CBD
                                                                Similarity
                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                • String ID:
                                                                • API String ID: 3741023627-0
                                                                • Opcode ID: 225eab1076b9832c59756b889aecf8c8ae0ead7038198d0fd6c7d38db23da82a
                                                                • Instruction ID: f39954bf7c3da5390212cc7d226914639bdb4bbb0f9e2e9a188dc130298f8030
                                                                • Opcode Fuzzy Hash: 225eab1076b9832c59756b889aecf8c8ae0ead7038198d0fd6c7d38db23da82a
                                                                • Instruction Fuzzy Hash: CE01DB715007049BEB205B30ED4EF9677B9FB01F15F00025AA543A10E1D7F4A944EA90
                                                                APIs
                                                                • _free.LIBCMT ref: 00F722BE
                                                                  • Part of subcall function 00F729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000), ref: 00F729DE
                                                                  • Part of subcall function 00F729C8: GetLastError.KERNEL32(00000000,?,00F7D7D1,00000000,00000000,00000000,00000000,?,00F7D7F8,00000000,00000007,00000000,?,00F7DBF5,00000000,00000000), ref: 00F729F0
                                                                • _free.LIBCMT ref: 00F722D0
                                                                • _free.LIBCMT ref: 00F722E3
                                                                • _free.LIBCMT ref: 00F722F4
                                                                • _free.LIBCMT ref: 00F72305
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: b1b7b9b0939683de59835d79ef961ab54cb7c7e47c3b8a0cf1b27b6c3183b84d
                                                                • Instruction ID: 997299f20f20c1bd7dc5e79f5d142ca15cfc6e31c0105941a539251c34515b6b
                                                                • Opcode Fuzzy Hash: b1b7b9b0939683de59835d79ef961ab54cb7c7e47c3b8a0cf1b27b6c3183b84d
                                                                • Instruction Fuzzy Hash: B6F030B08011108B9667AF78F8028487B74B718760F05464BF5D8D22ADC73E0591BBA6
                                                                APIs
                                                                • EndPath.GDI32(?), ref: 00F595D4
                                                                • StrokeAndFillPath.GDI32(?,?,00F971F7,00000000,?,?,?), ref: 00F595F0
                                                                • SelectObject.GDI32(?,00000000), ref: 00F59603
                                                                • DeleteObject.GDI32 ref: 00F59616
                                                                • StrokePath.GDI32(?), ref: 00F59631
                                                                Similarity
                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                • String ID:
                                                                • API String ID: 2625713937-0
                                                                • Opcode ID: 27f6ecfde111feb6ea99ab741072c8275a8bd4ee546481a83ffb2d7ad45a371a
                                                                • Instruction ID: 1e44e754196e959efff1c6c6f71b33e92dadd93d441fb3562be9ebf3171154b6
                                                                • Opcode Fuzzy Hash: 27f6ecfde111feb6ea99ab741072c8275a8bd4ee546481a83ffb2d7ad45a371a
                                                                • Instruction Fuzzy Hash: B1F0313140A209DBDB2A5F75ED0C7643B63AB00332F048215FAA5550F4C7798559EF60
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: __freea$_free
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3432400110-3206640213
                                                                • Opcode ID: 427719f160c2c41d996b0810c0bb368a49d2747d9bbc240cd2a844dc901ae92b
                                                                • Instruction ID: 7ed07ae6fd2a515472748e7176682fa97e122b745938d7c3cc3fd723e8f1af13
                                                                • Opcode Fuzzy Hash: 427719f160c2c41d996b0810c0bb368a49d2747d9bbc240cd2a844dc901ae92b
                                                                • Instruction Fuzzy Hash: D6D1F232D00205DADB649F6CC895BFAB7B5FF05320F28811BE509AB641D3759D88EB53
                                                                APIs
                                                                  • Part of subcall function 00F60242: EnterCriticalSection.KERNEL32(0101070C,01011884,?,?,00F5198B,01012518,?,?,?,00F412F9,00000000), ref: 00F6024D
                                                                  • Part of subcall function 00F60242: LeaveCriticalSection.KERNEL32(0101070C,?,00F5198B,01012518,?,?,?,00F412F9,00000000), ref: 00F6028A
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00F600A3: __onexit.LIBCMT ref: 00F600A9
                                                                • __Init_thread_footer.LIBCMT ref: 00FC7BFB
                                                                  • Part of subcall function 00F601F8: EnterCriticalSection.KERNEL32(0101070C,?,?,00F58747,01012514), ref: 00F60202
                                                                  • Part of subcall function 00F601F8: LeaveCriticalSection.KERNEL32(0101070C,?,00F58747,01012514), ref: 00F60235
                                                                Strings
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                • API String ID: 535116098-3733170431
                                                                • Opcode ID: 7bbad8701438173b558e09e41a5cb0bc93e7da4fa11a61e940c29fc8da948576
                                                                • Instruction ID: a03d63ffdd35aad9a1e2ada7563b59a27d7095cb3b7620a59483c50e0a82b5fa
                                                                • Opcode Fuzzy Hash: 7bbad8701438173b558e09e41a5cb0bc93e7da4fa11a61e940c29fc8da948576
                                                                • Instruction Fuzzy Hash: 20918E71A0420AAFCB14EF54DA92EADB7B1FF44310F14805DF8469B292DB35AE41EF51
                                                                APIs
                                                                  • Part of subcall function 00FAB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00FA21D0,?,?,00000034,00000800,?,00000034), ref: 00FAB42D
                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00FA2760
                                                                  • Part of subcall function 00FAB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00FA21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00FAB3F8
                                                                  • Part of subcall function 00FAB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00FAB355
                                                                  • Part of subcall function 00FAB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00FA2194,00000034,?,?,00001004,00000000,00000000), ref: 00FAB365
                                                                  • Part of subcall function 00FAB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00FA2194,00000034,?,?,00001004,00000000,00000000), ref: 00FAB37B
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00FA27CD
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00FA281A
                                                                Strings
                                                                Similarity
                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                • String ID: @
                                                                • API String ID: 4150878124-2766056989
                                                                • Opcode ID: 249559e9f6f1d77ca0abb0e4f95d0381bbaf215dff18aa43caa8a86ac6fe059f
                                                                • Instruction ID: f296e138ce1a00c910168fa03c3a422b2d1cc06c5d5a78a993f4adc4c97e8843
                                                                • Opcode Fuzzy Hash: 249559e9f6f1d77ca0abb0e4f95d0381bbaf215dff18aa43caa8a86ac6fe059f
                                                                • Instruction Fuzzy Hash: 2F411CB2A00218AFDB10DFA4CD45AEEBBB8EF0A710F104055FA55B7181DB746F45DBA1
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00F71769
                                                                • _free.LIBCMT ref: 00F71834
                                                                • _free.LIBCMT ref: 00F7183E
                                                                Strings
                                                                Similarity
                                                                • API ID: _free$FileModuleName
                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                • API String ID: 2506810119-1957095476
                                                                • Opcode ID: 5d5e99db6c78e83ce05d0dbfcc7a03f4dfa904258819ecb3eea6a2342864a8a3
                                                                • Instruction ID: f57e8d70cf5711c1fec551a5378ec932665dfd0e5b107c38a58ee75bb52c2dcc
                                                                • Opcode Fuzzy Hash: 5d5e99db6c78e83ce05d0dbfcc7a03f4dfa904258819ecb3eea6a2342864a8a3
                                                                • Instruction Fuzzy Hash: B7318171E00218ABDB25DFADDC81D9EBBBCFB85320B148167F90897201D6748A45EB92
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00FAC306
                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 00FAC34C
                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01011990,015064D0), ref: 00FAC395
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$Delete$InfoItem
                                                                • String ID: 0
                                                                • API String ID: 135850232-4108050209
                                                                • Opcode ID: b9c270536c2a72776f606b1f6d3edaa7da9798903ae87935067ccfbdac3300d4
                                                                • Instruction ID: b0ce36ca7edb05870b2dfe8ada5c1ba69093c232d3e2261d53581953ba3f9946
                                                                • Opcode Fuzzy Hash: b9c270536c2a72776f606b1f6d3edaa7da9798903ae87935067ccfbdac3300d4
                                                                • Instruction Fuzzy Hash: AA41C3B16083019FDB20DF25DC44B1ABBE8AF86320F04861DF9A5972D1D774E904EBA2
                                                                APIs
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00FDCC08,00000000,?,?,?,?), ref: 00FD44AA
                                                                • GetWindowLongW.USER32 ref: 00FD44C7
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FD44D7
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID: SysTreeView32
                                                                • API String ID: 847901565-1698111956
                                                                • Opcode ID: 59f82aa011bcb18e23ea14bfabf670f54dea035c67d99bf02e6ef11b8cdbf749
                                                                • Instruction ID: bee2b1e564c7711daa338eeaaa1a227043615186030747b0d1f8296cd17f385a
                                                                • Opcode Fuzzy Hash: 59f82aa011bcb18e23ea14bfabf670f54dea035c67d99bf02e6ef11b8cdbf749
                                                                • Instruction Fuzzy Hash: E5319E31610205AFDF259E38DC45BEA7BAAEB09334F284716FD79922D0D774EC90AB50
                                                                APIs
                                                                  • Part of subcall function 00FC335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00FC3077,?,?), ref: 00FC3378
                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FC307A
                                                                • _wcslen.LIBCMT ref: 00FC309B
                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00FC3106
                                                                Strings
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                • String ID: 255.255.255.255
                                                                • API String ID: 946324512-2422070025
                                                                • Opcode ID: 8728de1b6e000609b0f101be897e03adff597788f26d61a8d153030319a59d03
                                                                • Instruction ID: 8d32cf167f352eb274460f5798e2a00e20847e6e6a0a7e06335f4d38cebdaef3
                                                                • Opcode Fuzzy Hash: 8728de1b6e000609b0f101be897e03adff597788f26d61a8d153030319a59d03
                                                                • Instruction Fuzzy Hash: 1931E936A042069FC710CF28CA86F6A77E1EF54368F18C05DE9168B392D776DE41E761
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00FD3F40
                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00FD3F54
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FD3F78
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$Window
                                                                • String ID: SysMonthCal32
                                                                • API String ID: 2326795674-1439706946
                                                                • Opcode ID: 7e31ae669a8cec873b3e481a5db914ac8e9549e769758e312d2b8cf6989210db
                                                                • Instruction ID: ac96a588fe2b39502332312a48fbe2250e76cf952d25b7b38998ce2f6f3899d9
                                                                • Opcode Fuzzy Hash: 7e31ae669a8cec873b3e481a5db914ac8e9549e769758e312d2b8cf6989210db
                                                                • Instruction Fuzzy Hash: AA21AD32A00219BBDF258F60CC46FEA3B76EB48724F150215FA55AB2C0D6B5AC50EB90
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00FD4705
                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00FD4713
                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00FD471A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$DestroyWindow
                                                                • String ID: msctls_updown32
                                                                • API String ID: 4014797782-2298589950
                                                                • Opcode ID: 6235d77e0b218cd231aa298fee5c92d856fe214fb675bda7d4527114fc9ec3d0
                                                                • Instruction ID: df61df5fc433ea10179ecf722eb67c02a12bd34acf324414ed47bbac4c79ba3a
                                                                • Opcode Fuzzy Hash: 6235d77e0b218cd231aa298fee5c92d856fe214fb675bda7d4527114fc9ec3d0
                                                                • Instruction Fuzzy Hash: 21214CB5600209AFDB10DF64DCC1DA637AEEB4A3A4B04005AFA109B351CB35FC11EB60
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                • API String ID: 176396367-2734436370
                                                                • Opcode ID: e8873d7b5c4a6f6eb07dac5e25580514750d140d7c8966204e540f01f9c5eb99
                                                                • Instruction ID: d911c297265cc2ba3c05ff555b260228b89914431d9eee6b4399bf1ac62ab601
                                                                • Opcode Fuzzy Hash: e8873d7b5c4a6f6eb07dac5e25580514750d140d7c8966204e540f01f9c5eb99
                                                                • Instruction Fuzzy Hash: EF216BB29082116AD331BA24DC02FB773DC9F92310F04443AF94997241EBD59D45F291
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00FD3840
                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00FD3850
                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00FD3876
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$MoveWindow
                                                                • String ID: Listbox
                                                                • API String ID: 3315199576-2633736733
                                                                • Opcode ID: ba37e6b368ab8bc2207181d3cb8c8b209c5705a52ea74fcbfe1e523dedbf80c5
                                                                • Instruction ID: 22621c4fcdd0230efab087a774b77a83ceeeb8ceb7e49646b9757b9ea2c1c55b
                                                                • Opcode Fuzzy Hash: ba37e6b368ab8bc2207181d3cb8c8b209c5705a52ea74fcbfe1e523dedbf80c5
                                                                • Instruction Fuzzy Hash: 7621C272A10119BBEF218F64CC45FBB376FEF89760F148115FA449B290C676DC52A7A0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 00FB4A08
                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00FB4A5C
                                                                • SetErrorMode.KERNEL32(00000000,?,?,00FDCC08), ref: 00FB4AD0
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$InformationVolume
                                                                • String ID: %lu
                                                                • API String ID: 2507767853-685833217
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00FD424F
                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00FD4264
                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00FD4271
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: msctls_trackbar32
                                                                • API String ID: 3850602802-1010561917
                                                                APIs
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                  • Part of subcall function 00FA2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00FA2DC5
                                                                  • Part of subcall function 00FA2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FA2DD6
                                                                  • Part of subcall function 00FA2DA7: GetCurrentThreadId.KERNEL32 ref: 00FA2DDD
                                                                  • Part of subcall function 00FA2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00FA2DE4
                                                                • GetFocus.USER32 ref: 00FA2F78
                                                                  • Part of subcall function 00FA2DEE: GetParent.USER32(00000000), ref: 00FA2DF9
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00FA2FC3
                                                                • EnumChildWindows.USER32(?,00FA303B), ref: 00FA2FEB
                                                                Strings
                                                                Similarity
                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                • String ID: %s%d
                                                                • API String ID: 1272988791-1110647743
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FD58C1
                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FD58EE
                                                                • DrawMenuBar.USER32(?), ref: 00FD58FD
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$InfoItem$Draw
                                                                • String ID: 0
                                                                • API String ID: 3227129158-4108050209
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00F9D3BF
                                                                • FreeLibrary.KERNEL32 ref: 00F9D3E5
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                • API String ID: 3013587201-2590602151
                                                                APIs
                                                                Similarity
                                                                • API ID: __alldvrm$_strrchr
                                                                • String ID:
                                                                • API String ID: 1036877536-0
                                                                APIs
                                                                Similarity
                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                • String ID:
                                                                • API String ID: 1998397398-0
                                                                APIs
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00FDFC08,?), ref: 00FA05F0
                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00FDFC08,?), ref: 00FA0608
                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00FDCC40,000000FF,?,00000000,00000800,00000000,?,00FDFC08,?), ref: 00FA062D
                                                                • _memcmp.LIBVCRUNTIME ref: 00FA064E
                                                                Similarity
                                                                • API ID: FromProg$FreeTask_memcmp
                                                                • String ID:
                                                                • API String ID: 314563124-0
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00FCA6AC
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00FCA6BA
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00FCA79C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FCA7AB
                                                                  • Part of subcall function 00F5CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00F83303,?), ref: 00F5CE8A
                                                                Similarity
                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                • String ID:
                                                                • API String ID: 1991900642-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00FD62E2
                                                                • ScreenToClient.USER32(?,?), ref: 00FD6315
                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00FD6382
                                                                Similarity
                                                                • API ID: Window$ClientMoveRectScreen
                                                                • String ID:
                                                                • API String ID: 3880355969-0
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00FC1AFD
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1B0B
                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00FC1B8A
                                                                • WSAGetLastError.WSOCK32 ref: 00FC1B94
                                                                Similarity
                                                                • API ID: ErrorLast$socket
                                                                APIs
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00FB5783
                                                                • GetLastError.KERNEL32(?,00000000), ref: 00FB57A9
                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00FB57CE
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00FB57FA
                                                                Similarity
                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00F66D71,00000000,00000000,00F682D9,?,00F682D9,?,00000001,00F66D71,8BE85006,00000001,00F682D9,00F682D9), ref: 00F7D910
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F7D999
                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00F7D9AB
                                                                • __freea.LIBCMT ref: 00F7D9B4
                                                                  • Part of subcall function 00F73820: RtlAllocateHeap.NTDLL(00000000,?,01011444,?,00F5FDF5,?,?,00F4A976,00000010,01011440,00F413FC,?,00F413C6,?,00F41129), ref: 00F73852
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                APIs
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00FD5352
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD5375
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FD5382
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FD53A8
                                                                Similarity
                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                APIs
                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00FAABF1
                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00FAAC0D
                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 00FAAC74
                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00FAACC6
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                APIs
                                                                • ClientToScreen.USER32(?,?), ref: 00FD769A
                                                                • GetWindowRect.USER32(?,?), ref: 00FD7710
                                                                • PtInRect.USER32(?,?,00FD8B89), ref: 00FD7720
                                                                • MessageBeep.USER32(00000000), ref: 00FD778C
                                                                Similarity
                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                APIs
                                                                • GetForegroundWindow.USER32 ref: 00FD16EB
                                                                  • Part of subcall function 00FA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FA3A57
                                                                  • Part of subcall function 00FA3A3D: GetCurrentThreadId.KERNEL32 ref: 00FA3A5E
                                                                  • Part of subcall function 00FA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FA25B3), ref: 00FA3A65
                                                                • GetCaretPos.USER32(?), ref: 00FD16FF
                                                                • ClientToScreen.USER32(00000000,?), ref: 00FD174C
                                                                • GetForegroundWindow.USER32 ref: 00FD1752
                                                                Similarity
                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                APIs
                                                                  • Part of subcall function 00F47620: _wcslen.LIBCMT ref: 00F47625
                                                                • _wcslen.LIBCMT ref: 00FADFCB
                                                                • _wcslen.LIBCMT ref: 00FADFE2
                                                                • _wcslen.LIBCMT ref: 00FAE00D
                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00FAE018
                                                                Similarity
                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • GetCursorPos.USER32(?), ref: 00FD9001
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F97711,?,?,?,?,?), ref: 00FD9016
                                                                • GetCursorPos.USER32(?), ref: 00FD905E
                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F97711,?,?,?), ref: 00FD9094
                                                                Similarity
                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                APIs
                                                                • GetFileAttributesW.KERNEL32(?,00FDCB68), ref: 00FAD2FB
                                                                • GetLastError.KERNEL32 ref: 00FAD30A
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00FAD319
                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00FDCB68), ref: 00FAD376
                                                                Similarity
                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                APIs
                                                                  • Part of subcall function 00FA1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00FA102A
                                                                  • Part of subcall function 00FA1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1036
                                                                  • Part of subcall function 00FA1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1045
                                                                  • Part of subcall function 00FA1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA104C
                                                                  • Part of subcall function 00FA1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FA1062
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00FA15BE
                                                                • _memcmp.LIBVCRUNTIME ref: 00FA15E1
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FA1617
                                                                • HeapFree.KERNEL32(00000000), ref: 00FA161E
                                                                Similarity
                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                • String ID:
                                                                • API String ID: 1592001646-0
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00FD280A
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FD2824
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FD2832
                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00FD2840
                                                                Similarity
                                                                • API ID: Window$Long$AttributesLayered
                                                                • String ID:
                                                                • API String ID: 2169480361-0
                                                                APIs
                                                                  • Part of subcall function 00FA8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00FA790A,?,000000FF,?,00FA8754,00000000,?,0000001C,?,?), ref: 00FA8D8C
                                                                  • Part of subcall function 00FA8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00FA8DB2
                                                                  • Part of subcall function 00FA8D7D: lstrcmpiW.KERNEL32(00000000,?,00FA790A,?,000000FF,?,00FA8754,00000000,?,0000001C,?,?), ref: 00FA8DE3
                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00FA8754,00000000,?,0000001C,?,?,00000000), ref: 00FA7923
                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00FA7949
                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00FA8754,00000000,?,0000001C,?,?,00000000), ref: 00FA7984
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                • String ID: cdecl
                                                                • API String ID: 4031866154-3896280584
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00FD7D0B
                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00FD7D2A
                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00FD7D42
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00FBB7AD,00000000), ref: 00FD7D6B
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID:
                                                                • API String ID: 847901565-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00FD56BB
                                                                • _wcslen.LIBCMT ref: 00FD56CD
                                                                • _wcslen.LIBCMT ref: 00FD56D8
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FD5816
                                                                Similarity
                                                                • API ID: MessageSend_wcslen
                                                                • String ID:
                                                                • API String ID: 455545452-0
                                                                APIs
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00FA1A47
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FA1A59
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FA1A6F
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FA1A8A
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 00FAE1FD
                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00FAE230
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00FAE246
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00FAE24D
                                                                Similarity
                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                • String ID:
                                                                • API String ID: 2880819207-0
                                                                APIs
                                                                • CreateThread.KERNEL32(00000000,?,00F6CFF9,00000000,00000004,00000000), ref: 00F6D218
                                                                • GetLastError.KERNEL32 ref: 00F6D224
                                                                • __dosmaperr.LIBCMT ref: 00F6D22B
                                                                • ResumeThread.KERNEL32(00000000), ref: 00F6D249
                                                                Similarity
                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                • String ID:
                                                                • API String ID: 173952441-0
                                                                APIs
                                                                  • Part of subcall function 00F59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F59BB2
                                                                • GetClientRect.USER32(?,?), ref: 00FD9F31
                                                                • GetCursorPos.USER32(?), ref: 00FD9F3B
                                                                • ScreenToClient.USER32(?,?), ref: 00FD9F46
                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00FD9F7A
                                                                Similarity
                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                • String ID:
                                                                • API String ID: 4127811313-0
                                                                APIs
                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F4604C
                                                                • GetStockObject.GDI32(00000011), ref: 00F46060
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F4606A
                                                                Similarity
                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                • String ID:
                                                                • API String ID: 3970641297-0
                                                                • Opcode ID: f37ef73f829010dcaa859c826cd2834b915f9838691cfd12d4f83d330fe9d26b
                                                                • Instruction ID: 2bee0e9f37d5d1c353083a27f04fdf1f41b6e837a5610023e067b3a744b2f5c0
                                                                • Opcode Fuzzy Hash: f37ef73f829010dcaa859c826cd2834b915f9838691cfd12d4f83d330fe9d26b
                                                                • Instruction Fuzzy Hash: D4115E72502509BFEF125FA89C44AEABF6AEF09365F040216FE1492110D736DC60EB91
                                                                APIs
                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00F63B56
                                                                  • Part of subcall function 00F63AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00F63AD2
                                                                  • Part of subcall function 00F63AA3: ___AdjustPointer.LIBCMT ref: 00F63AED
                                                                • _UnwindNestedFrames.LIBCMT ref: 00F63B6B
                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00F63B7C
                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00F63BA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                • String ID:
                                                                • API String ID: 737400349-0
                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                • Instruction ID: d014ef5fffb95e99a1d5588d228506e7e46806061907e2a4f472a161a901ff4e
                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                • Instruction Fuzzy Hash: C401E932500149BBDF126E95CC46EEB7B69EF99764F044014FE4896121C736E961FBA0
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F413C6,00000000,00000000,?,00F7301A,00F413C6,00000000,00000000,00000000,?,00F7328B,00000006,FlsSetValue), ref: 00F730A5
                                                                • GetLastError.KERNEL32(?,00F7301A,00F413C6,00000000,00000000,00000000,?,00F7328B,00000006,FlsSetValue,00FE2290,FlsSetValue,00000000,00000364,?,00F72E46), ref: 00F730B1
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F7301A,00F413C6,00000000,00000000,00000000,?,00F7328B,00000006,FlsSetValue,00FE2290,FlsSetValue,00000000), ref: 00F730BF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID:
                                                                • API String ID: 3177248105-0
                                                                • Opcode ID: b2e8c2744e116047ba2b73965a6040a9e8b1a46fe890f2754b4a83c400ca61ff
                                                                • Instruction ID: 0c4ed3b621cd8eaf6521bfa76ecfff03bf1f15ab2585501bbf74ae4c2c2ef3d6
                                                                • Opcode Fuzzy Hash: b2e8c2744e116047ba2b73965a6040a9e8b1a46fe890f2754b4a83c400ca61ff
                                                                • Instruction Fuzzy Hash: 1F012B32752237BBCB314B799C44A577B99AF05B75B208722F90DE7180D721D901F6E1
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00FA747F
                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00FA7497
                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00FA74AC
                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00FA74CA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                • String ID:
                                                                • API String ID: 1352324309-0
                                                                • Opcode ID: 2b7ede768c0c574104c9cecb7221230c87a0a945add10f641f4277ddf6351352
                                                                • Instruction ID: 518067caab4f43f6e9b181224ed1a54689ce0db79be864f4e75a808014b085fa
                                                                • Opcode Fuzzy Hash: 2b7ede768c0c574104c9cecb7221230c87a0a945add10f641f4277ddf6351352
                                                                • Instruction Fuzzy Hash: 7F1161F520A315DFE720EF24DD09F927BFCEB05B04F10856AAA56D6191D770E904EBA0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00FAACD3,?,00008000), ref: 00FAB0C4
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FAACD3,?,00008000), ref: 00FAB0E9
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00FAACD3,?,00008000), ref: 00FAB0F3
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FAACD3,?,00008000), ref: 00FAB126
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CounterPerformanceQuerySleep
                                                                • String ID:
                                                                • API String ID: 2875609808-0
                                                                • Opcode ID: 784b9cdb666ca9c1be629a178a59e6262f05a0c66624a023fc677edc46f8eed6
                                                                • Instruction ID: 2420747e6e2f042dc4e82dc0a6e547a18a25aab2d2ea2c18da03479c1f1e3d19
                                                                • Opcode Fuzzy Hash: 784b9cdb666ca9c1be629a178a59e6262f05a0c66624a023fc677edc46f8eed6
                                                                • Instruction Fuzzy Hash: 5B115B71C0152DE7CF00AFE5E9586EEBF78FF0A711F108096D941B2182CB305650EB91
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00FD7E33
                                                                • ScreenToClient.USER32(?,?), ref: 00FD7E4B
                                                                • ScreenToClient.USER32(?,?), ref: 00FD7E6F
                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00FD7E8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                • String ID:
                                                                • API String ID: 357397906-0
                                                                • Opcode ID: 0fccab910d3bae94ad383e9bc273c031d928a502ebe0b6c7c8244e840279defc
                                                                • Instruction ID: 86e23a032664c892fe31ea362329612a73e4de5746ff63856dcb9e0f84813761
                                                                • Opcode Fuzzy Hash: 0fccab910d3bae94ad383e9bc273c031d928a502ebe0b6c7c8244e840279defc
                                                                • Instruction Fuzzy Hash: 781113B9D0024AAFDB41DFA8C884AEEBBF5FB08310F505156E915E3210D735AA55DF90
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00FA2DC5
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00FA2DD6
                                                                • GetCurrentThreadId.KERNEL32 ref: 00FA2DDD
                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00FA2DE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 2710830443-0
                                                                • Opcode ID: aa53bc6a0c54aa7c36024e0886a9e6b03f671df624d821b485f85c22fcb8f337
                                                                • Instruction ID: 554677d33bef9acd5fb445cfd6919ecf5dc549f4088b96b842475b6a01a585c2
                                                                • Opcode Fuzzy Hash: aa53bc6a0c54aa7c36024e0886a9e6b03f671df624d821b485f85c22fcb8f337
                                                                • Instruction Fuzzy Hash: 76E06DB26022297ADB201B779C0DFEB3F6DEF43BA1F000016B509D10819AA4C840E6F0
                                                                APIs
                                                                  • Part of subcall function 00F59639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F59693
                                                                  • Part of subcall function 00F59639: SelectObject.GDI32(?,00000000), ref: 00F596A2
                                                                  • Part of subcall function 00F59639: BeginPath.GDI32(?), ref: 00F596B9
                                                                  • Part of subcall function 00F59639: SelectObject.GDI32(?,00000000), ref: 00F596E2
                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00FD8887
                                                                • LineTo.GDI32(?,?,?), ref: 00FD8894
                                                                • EndPath.GDI32(?), ref: 00FD88A4
                                                                • StrokePath.GDI32(?), ref: 00FD88B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                • String ID:
                                                                • API String ID: 1539411459-0
                                                                • Opcode ID: e705bcc34697778792c5f5e917170c148fac1b5f27908201e50282dcc4c8cae1
                                                                • Instruction ID: 2d0daca3b0d857225bd9d666d4816ba819d7b318afef7c315d28bbedbbee5cd1
                                                                • Opcode Fuzzy Hash: e705bcc34697778792c5f5e917170c148fac1b5f27908201e50282dcc4c8cae1
                                                                • Instruction Fuzzy Hash: F9F03A36046259FADB125FA4AC0DFCE3B5AAF06311F048002FB11A51E1C7BA5511EBE5
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 00F598CC
                                                                • SetTextColor.GDI32(?,?), ref: 00F598D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 00F598E9
                                                                • GetStockObject.GDI32(00000005), ref: 00F598F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$ModeObjectStockText
                                                                • String ID:
                                                                • API String ID: 4037423528-0
                                                                • Opcode ID: f520ed3297fe70097f9e091b5c2f7aee33b965c61431270d31814b4d2f08025e
                                                                • Instruction ID: 52e3b317d40af3a297694235ee8c7ca6aae593c6e4a0e3498a7d0be693acd6b1
                                                                • Opcode Fuzzy Hash: f520ed3297fe70097f9e091b5c2f7aee33b965c61431270d31814b4d2f08025e
                                                                • Instruction Fuzzy Hash: B2E06532645395AAEF215B74BC09BD83F11AB11736F08821AF6F5540E1C3714640EB10
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 00FA1634
                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,00FA11D9), ref: 00FA163B
                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00FA11D9), ref: 00FA1648
                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00FA11D9), ref: 00FA164F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken
                                                                • String ID:
                                                                • API String ID: 3974789173-0
                                                                • Opcode ID: 59b41143f236e93c6fa6b54494f86106faeb434a5525df2633535b851b3f81dc
                                                                • Instruction ID: 2fb1ae6736fe54361a3f60c57abe01d3d273836a48178a033dfcc75759fbda48
                                                                • Opcode Fuzzy Hash: 59b41143f236e93c6fa6b54494f86106faeb434a5525df2633535b851b3f81dc
                                                                • Instruction Fuzzy Hash: 60E08671A03216DBD7202FF09E0DB463B7DBF457A2F154809F245C9080D6344440E790
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 00F9D858
                                                                • GetDC.USER32(00000000), ref: 00F9D862
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F9D882
                                                                • ReleaseDC.USER32(?), ref: 00F9D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: 24d8339d4c388b3c375de99e5963c875ee0929fc348bef045ce66aa6514261c8
                                                                • Instruction ID: a4163ecf06345ebdb0d5d7cba521854b528d2c0587361f5aada2b23f749cdbe3
                                                                • Opcode Fuzzy Hash: 24d8339d4c388b3c375de99e5963c875ee0929fc348bef045ce66aa6514261c8
                                                                • Instruction Fuzzy Hash: 35E01AB180220ADFCF41AFB0D80C66DBBB6FB08311F24800AE80AE7250C7388905FF90
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 00F9D86C
                                                                • GetDC.USER32(00000000), ref: 00F9D876
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F9D882
                                                                • ReleaseDC.USER32(?), ref: 00F9D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: a7930260c5db0ea359d55ab11376c8c0ae5a6cae586ed1a5594b23ad82078e56
                                                                • Instruction ID: 210ba5cd1230dceab46044e11cccb2675adbfb1c5a3fdc6aabc31500971eccc5
                                                                • Opcode Fuzzy Hash: a7930260c5db0ea359d55ab11376c8c0ae5a6cae586ed1a5594b23ad82078e56
                                                                • Instruction Fuzzy Hash: 9EE09A75802209DFCB51AFB0D80C66DBBB6FB08311B14944AE94AE7254C7399905FF90
                                                                APIs
                                                                  • Part of subcall function 00F47620: _wcslen.LIBCMT ref: 00F47625
                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00FB4ED4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Connection_wcslen
                                                                • String ID: *$LPT
                                                                • API String ID: 1725874428-3443410124
                                                                • Opcode ID: 28fb33c09469ff9e13d7ee9f9227ff8786336fecd2f731ec637d61be78e8f4f9
                                                                • Instruction ID: 8c0fe2f76ff9b6c02aac727f085f2913fcbdd448aa18211c24c0dff7df8f7925
                                                                • Opcode Fuzzy Hash: 28fb33c09469ff9e13d7ee9f9227ff8786336fecd2f731ec637d61be78e8f4f9
                                                                • Instruction Fuzzy Hash: D3914B75A002149FCB14DF59C984EAABBF1AF48314F198099E80A9F3A2C735ED85DF91
                                                                APIs
                                                                • __startOneArgErrorHandling.LIBCMT ref: 00F6E30D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorHandling__start
                                                                • String ID: pow
                                                                • API String ID: 3213639722-2276729525
                                                                • Opcode ID: d28bcab09331b24efd3eb1db761a769766b9d4b2c0b2185fc4dc6cb3ce18b313
                                                                • Instruction ID: 20c9d4b9e8e64b59101d28ef0e7a68ea34ecff6dfbf987c43918806a1ca08609
                                                                • Opcode Fuzzy Hash: d28bcab09331b24efd3eb1db761a769766b9d4b2c0b2185fc4dc6cb3ce18b313
                                                                • Instruction Fuzzy Hash: E7515E67E1C30196CB157714CD4237A3B99AB40760F30C96AE0D9873E9EF354C95BA87
                                                                APIs
                                                                • CharUpperBuffW.USER32(00F9569E,00000000,?,00FDCC08,?,00000000,00000000), ref: 00FC78DD
                                                                  • Part of subcall function 00F46B57: _wcslen.LIBCMT ref: 00F46B6A
                                                                • CharUpperBuffW.USER32(00F9569E,00000000,?,00FDCC08,00000000,?,00000000,00000000), ref: 00FC783B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: BuffCharUpper$_wcslen
                                                                • String ID: <s
                                                                • API String ID: 3544283678-4213590918
                                                                • Opcode ID: 480c57ba2538e10d9f81012c4769f541967fcd1283311093293a3f13a38f6f16
                                                                • Instruction ID: 96a5229eadfff3f18581976384787301201a173096072d1e63aebf4108de93f6
                                                                • Opcode Fuzzy Hash: 480c57ba2538e10d9f81012c4769f541967fcd1283311093293a3f13a38f6f16
                                                                • Instruction Fuzzy Hash: 5261317291421AAACF04FFA4CD92EFDB774BF14300B545129E942B7191EB386A05EBA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                • Opcode ID: 2e21b175a0e6e9aad40c320861dd50567785f0cebadc90a87241768fa9330774
                                                                • Instruction ID: f6c279d41cb35a52c52a885ed9028c2bb1e17e8121d0e56815fd9bbf0292b2c3
                                                                • Opcode Fuzzy Hash: 2e21b175a0e6e9aad40c320861dd50567785f0cebadc90a87241768fa9330774
                                                                • Instruction Fuzzy Hash: CB513535D04346DFEF19DFA8C4816FA7BA8EF16320F244055ED619B2C0D6349E46EBA2
                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 00F5F2A2
                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00F5F2BB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: GlobalMemorySleepStatus
                                                                • String ID: @
                                                                • API String ID: 2783356886-2766056989
                                                                • Opcode ID: c67dcbeef0f789ad0ba845c4d45917a09ebe2226575768d3e68c403773878766
                                                                • Instruction ID: d36f6a8659e82a4a379c35074c25bd9e4f602b61683757f4307f04a59384748b
                                                                • Opcode Fuzzy Hash: c67dcbeef0f789ad0ba845c4d45917a09ebe2226575768d3e68c403773878766
                                                                • Instruction Fuzzy Hash: 615166714097489BD320AF54DC86BABBBF8FF84310F81884DF5D941195EB358528DB67
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00FC57E0
                                                                • _wcslen.LIBCMT ref: 00FC57EC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: BuffCharUpper_wcslen
                                                                • String ID: CALLARGARRAY
                                                                • API String ID: 157775604-1150593374
                                                                • Opcode ID: c474e50f86db14c0130dc036c41956eadef4754854f82a4cb89a026f125f3859
                                                                • Instruction ID: 3fca790127421973587c2d933986b46cb07efd6187136ebd734311f5a326bc3a
                                                                • Opcode Fuzzy Hash: c474e50f86db14c0130dc036c41956eadef4754854f82a4cb89a026f125f3859
                                                                • Instruction Fuzzy Hash: 3241A371E0010A9FCB14DFA8C982EBEBBB5EF59760F14405DF505A7291D734AD81EBA0
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00FBD130
                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00FBD13A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: CrackInternet_wcslen
                                                                • String ID: |
                                                                • API String ID: 596671847-2343686810
                                                                • Opcode ID: 6c624d0f020d877ca9e8a3c5e0c5959bc0bc3e0d48022e9265991feb7770f459
                                                                • Instruction ID: 7844fed17e9c79ee1b82ca2eab6b1403bdad48b49896b38e814b4775b78546b8
                                                                • Opcode Fuzzy Hash: 6c624d0f020d877ca9e8a3c5e0c5959bc0bc3e0d48022e9265991feb7770f459
                                                                • Instruction Fuzzy Hash: 30315C71D00209ABDF15EFA5CC85AEEBFB9FF05310F000019F815A6162EB35AA06EF65
                                                                APIs
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00FD3621
                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00FD365C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$DestroyMove
                                                                • String ID: static
                                                                • API String ID: 2139405536-2160076837
                                                                • Opcode ID: d1ca289f7715d3d39137dcea50ff204b9e576b04e9d58d1110216300194c55db
                                                                • Instruction ID: cfe5a7b52abd5f6bb5b3e7ebdc5b3d8b5d58e3dc1700f17b02b9161fc681e2d5
                                                                • Opcode Fuzzy Hash: d1ca289f7715d3d39137dcea50ff204b9e576b04e9d58d1110216300194c55db
                                                                • Instruction Fuzzy Hash: 0D318D71510604AEDB109F38DC81FFB73AAFF88760F04961AF9A597280DA35ED81E761
                                                                APIs
                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00FD461F
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FD4634
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: '
                                                                • API String ID: 3850602802-1997036262
                                                                • Opcode ID: ffdc0e40038bdc682c8815f290e7f67eb2c2481a19bd011eda7390d91bfc6632
                                                                • Instruction ID: 67e698e758890f890fba7e31aae9aa833399596a985d57542cc404d8803fd1b1
                                                                • Opcode Fuzzy Hash: ffdc0e40038bdc682c8815f290e7f67eb2c2481a19bd011eda7390d91bfc6632
                                                                • Instruction Fuzzy Hash: 50314974A0020A9FDF14CF69D980BDABBB6FF09300F18406AE905AB381D730E901DF90
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00FD327C
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FD3287
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: Combobox
                                                                • API String ID: 3850602802-2096851135
                                                                • Opcode ID: c090b47fcb8dd6cf9325ea9c30874194ee86a4e03fd82f9a99d6981cfaf21fd3
                                                                • Instruction ID: dc8525519bc31dcfdcb216709ffa181f2b8d2b6d7bc0d07a68243f73b9aa98d3
                                                                • Opcode Fuzzy Hash: c090b47fcb8dd6cf9325ea9c30874194ee86a4e03fd82f9a99d6981cfaf21fd3
                                                                • Instruction Fuzzy Hash: 7711E272B002087FFF219F54DC80EBB3B6BEB983A5F14412AFA1897390D6359D51A760
                                                                APIs
                                                                  • Part of subcall function 00F4600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F4604C
                                                                  • Part of subcall function 00F4600E: GetStockObject.GDI32(00000011), ref: 00F46060
                                                                  • Part of subcall function 00F4600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F4606A
                                                                • GetWindowRect.USER32(00000000,?), ref: 00FD377A
                                                                • GetSysColor.USER32(00000012), ref: 00FD3794
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                • String ID: static
                                                                • API String ID: 1983116058-2160076837
                                                                • Opcode ID: 73e4a22ffaa92d1176df983dc5cfaa246755bdd816483c9d1ee1461ea165dde6
                                                                • Instruction ID: 48f4113ad9ebff633ec2720c3d03e955949e9c0acd7872a4dfac6d9d20d2d231
                                                                • Opcode Fuzzy Hash: 73e4a22ffaa92d1176df983dc5cfaa246755bdd816483c9d1ee1461ea165dde6
                                                                • Instruction Fuzzy Hash: 661129B261060AAFDF00DFB8CC46AEA7BB9EB08354F044516FE55E2250D735E851EB61
                                                                APIs
                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00FBCD7D
                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00FBCDA6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: Internet$OpenOption
                                                                • String ID: <local>
                                                                • API String ID: 942729171-4266983199
                                                                APIs
                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00FD34AB
                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00FD34BA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: LengthMessageSendTextWindow
                                                                • String ID: edit
                                                                • API String ID: 2978978980-2167791130
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00FA6CB6
                                                                • _wcslen.LIBCMT ref: 00FA6CC2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: STOP
                                                                • API String ID: 1256254125-2411985666
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00FA1D4C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00FA1C46
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00FA1CC8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00F49CB3: _wcslen.LIBCMT ref: 00F49CBD
                                                                  • Part of subcall function 00FA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FA3CCA
                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00FA1DD3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: 3, 3, 16, 1
                                                                • API String ID: 176396367-3042988571
                                                                APIs
                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00FA0B23
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: AutoIt$Error allocating memory.
                                                                • API String ID: 2030045667-4017498283
                                                                APIs
                                                                  • Part of subcall function 00F5F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00F60D71,?,?,?,00F4100A), ref: 00F5F7CE
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00F4100A), ref: 00F60D75
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F4100A), ref: 00F60D84
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F60D7F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 55579361-631824599
                                                                APIs
                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00FB302F
                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00FB3044
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: Temp$FileNamePath
                                                                • String ID: aut
                                                                • API String ID: 3285503233-3010740371
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID: %.3d$X64
                                                                • API String ID: 481472006-1077770165
                                                                • Opcode ID: dfb9e0e09aec5f9e2aa4a38fcc5a8b4cb2710fc71dd152aa5e3a41254ca40768
                                                                • Instruction ID: 39217a97fbfb504fbad1abeb6071fc9cecca4aadfc1a16f3cc6ef68f52376d41
                                                                • Opcode Fuzzy Hash: dfb9e0e09aec5f9e2aa4a38fcc5a8b4cb2710fc71dd152aa5e3a41254ca40768
                                                                • Instruction Fuzzy Hash: 96D01262805109E9EF9097E0CC45AB9B37CAB58302F708452FE46D1040D628D50CB761
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FD236C
                                                                • PostMessageW.USER32(00000000), ref: 00FD2373
                                                                  • Part of subcall function 00FAE97B: Sleep.KERNEL32 ref: 00FAE9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: c0c5ea0ab3711434364ac77209f02926ab26f589d25aa6ad3ae80743841ac0fb
                                                                • Instruction ID: 84a2c71c895f61b7551ff2ca5d040f30c702a5b6dc4c17d44246cebd3a19697f
                                                                • Opcode Fuzzy Hash: c0c5ea0ab3711434364ac77209f02926ab26f589d25aa6ad3ae80743841ac0fb
                                                                • Instruction Fuzzy Hash: 57D0A9323823107AEA64A330AC0FFC6761AAB04B00F0009067249AA1D0C9A0A800DA84
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FD232C
                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00FD233F
                                                                  • Part of subcall function 00FAE97B: Sleep.KERNEL32 ref: 00FAE9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: 375b38f779c1b4ab15819f9160a34b267b719f0294d13d34b5233b480af75a60
                                                                • Instruction ID: fd9e402f0985b9e8a193fab477fec8fd305b7d7b2d166c1b540e9fa573e4fffd
                                                                • Opcode Fuzzy Hash: 375b38f779c1b4ab15819f9160a34b267b719f0294d13d34b5233b480af75a60
                                                                • Instruction Fuzzy Hash: AAD02232381310B7EA64B330EC0FFC77B1AAB00B00F0009077349AA1D0C9F0A800DA80
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00F7BE93
                                                                • GetLastError.KERNEL32 ref: 00F7BEA1
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F7BEFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1649128586.0000000000F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F40000, based on PE: true
                                                                • Associated: 00000000.00000002.1648864252.0000000000F40000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000000FDC000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1649632135.0000000001002000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650295818.000000000100C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1650373571.0000000001014000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_f40000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                • String ID:
                                                                • API String ID: 1717984340-0
                                                                • Opcode ID: 53624437620965050912355c715a139342a3f17ff5afa2e5b0d0265afe989967
                                                                • Instruction ID: da1d9c4d5d6e29afcda7e028196763bd3f064e28420e45f65e2b2d48ec2503bd
                                                                • Opcode Fuzzy Hash: 53624437620965050912355c715a139342a3f17ff5afa2e5b0d0265afe989967
                                                                • Instruction Fuzzy Hash: F541E835A05216AFCF218FA4CC54BEA7BA59F43720F14816BF95D972A1DB308C00EB62
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000003.2278083712.0000028E8BA51000.00000020.00000800.00020000.00000000.sdmp, Offset: 0000028E8BA51000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_3_28e8ba51000_firefox.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b59a35032fe437ac2267cd5251898e292122b63cddca96471bdb7a05f34c4d8f
                                                                • Instruction ID: e93b2df28681a8fc9fa7ad78c535b607e91b2be107383b7aa5a3582229977b59
                                                                • Opcode Fuzzy Hash: b59a35032fe437ac2267cd5251898e292122b63cddca96471bdb7a05f34c4d8f
                                                                • Instruction Fuzzy Hash: 4211A034619A0D9FCF84DFA8C8C4B6A37B1FBAD301F1546E8D509CB296DA31E851CB90

                                                                Execution Graph

                                                                Execution Coverage:0.4%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:100%
                                                                Total number of Nodes:6
                                                                Total number of Limit Nodes:0
                                                                execution_graph 4998 1ec873ea6f7 4999 1ec873ea707 NtQuerySystemInformation 4998->4999 5000 1ec873ea6a4 4999->5000 5001 1ec873e2df2 5002 1ec873e2e49 NtQuerySystemInformation 5001->5002 5003 1ec873e11c4 5001->5003 5002->5003

                                                                Callgraph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2904139984.000001EC873E8000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001EC873E8000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_1ec873e8000_firefox.jbxd
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction ID: d80773ab672104955912bb9b64f6e1ddb820770a5bba01bfd014998140a573d5
                                                                • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction Fuzzy Hash: E0A3C431614A8D8BDB2EDF28DC85AE973D5FB55304F04422EDD4BC7651EA30EA528BC2

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 2850 1ec873d4b14-1ec873d5c83 2851 1ec873d5c87-1ec873d5c89 2850->2851 2852 1ec873d5c8b-1ec873d5cc2 2851->2852 2853 1ec873d5cdf-1ec873d5d11 2851->2853 2852->2853
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2903611528.000001EC873D4000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001EC873D4000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_1ec873d4000_firefox.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1aeed170a5be69cf9e94b5829cbb5e794d98b984b5a93649782a3dbcbf69e2e1
                                                                • Instruction ID: 84822079c6848cebf139b508dd4e04f162e9adf49573571384d1cd04dbc15c4c
                                                                • Opcode Fuzzy Hash: 1aeed170a5be69cf9e94b5829cbb5e794d98b984b5a93649782a3dbcbf69e2e1
                                                                • Instruction Fuzzy Hash: 1F21C33250DB8C4FD745DF28C844A56BBE0FB6A310F1446AFE0C9C3292E638D9458782